Starting off with encryption for MariaDB 10.1 one was limited to using mysqldump. It wasn’t too bad except the inability to easily do incremental backups. Yes this can be done, but it is not pretty and it is dumped out unencrypted, which is a deal breaker for PCI/PII scoped data.
I wrote some utility code to handle these mysqldumps that used a generated encryption key to protect the data. It then created a zip archive that could easily be backed up, catalogued, and stored. It worked great and got the job done, however it was not easy on storage.
Thankfully the fine folks at MariaDB came out with mariabackup, which is a port of Percona’s xtrabackup utility, that fully supports encryption. Both of these utilities are pretty slick with a lot of capabilities, including easy to use incremental backups.
This meant re-working what I had previously written, however we now have a much more robust solution without the overhead of archiving and encrypting the data. The mariabackup utility handles it, with the addition of easy to use incremental backups. This saves us significant storage space and compute processes.
There are a few ways to do this, however I chose to develop a backup catalog in order to manage and track the backups. Our scenario is to do 1 full and the rest incremental backups each week, so it does a full backup on Sunday and then the delta via the incremental backups the rest of the week.
All this is controlled via the catalog for log sequence tracking and etc. Easily searchable and daily email logs containing the day’s processing. Pretty slick IMHO!