6.4.4.7 Using the keyring_encrypted_file Encrypted File-Based Keyring Plugin

Note

The keyring_encrypted_file plugin is an extension included in MySQL Enterprise Edition, a commercial product. To learn more about commercial products, see https://www.mysql.com/products/.

The keyring_encrypted_file keyring plugin stores keyring data in an encrypted, password-protected file local to the server host.

Warning

For encryption key management, the keyring_encrypted_file plugin is not intended as a regulatory compliance solution. Security standards such as PCI, FIPS, and others require use of key management systems to secure, manage, and protect encryption keys in key vaults or hardware security modules (HSMs).

To install keyring_encrypted_file, use the general instructions found in Section 6.4.4.3, “Keyring Plugin Installation”, together with the configuration information specific to keyring_encrypted_file found here.

To be usable during the server startup process, keyring_encrypted_file must be loaded using the --early-plugin-load option. To specify the password for encrypting the keyring data file, set the keyring_encrypted_file_password system variable. (The password is mandatory; if not specified at server startup, keyring_encrypted_file initialization fails.) The keyring_encrypted_file_data system variable optionally configures the location of the file used by the keyring_encrypted_file plugin for data storage. The default value is platform specific. To configure the file location explicitly, set the variable value at startup. For example, use these lines in the server my.cnf file, adjusting the .so suffix and file location for your platform as necessary and substituting your chosen password:

[mysqld]
early-plugin-load=keyring_encrypted_file.so
keyring_encrypted_file_data=/usr/local/mysql/mysql-keyring/keyring-encrypted
keyring_encrypted_file_password=password

Because the my.cnf file stores a password when written as shown, it should have a restrictive mode and be accessible only to the account used to run the MySQL server.

Keyring operations are transactional: The keyring_encrypted_file plugin uses a backup file during write operations to ensure that it can roll back to the original file if an operation fails. The backup file has the same name as the value of the keyring_encrypted_file_data system variable with a suffix of .backup.

For additional information about the system variables used to configure the keyring_encrypted_file plugin, see Section 6.4.4.18, “Keyring System Variables”.

To ensure that keys are flushed only when the correct keyring storage file exists, keyring_encrypted_file stores a SHA-256 checksum of the keyring in the file. Before updating the file, the plugin verifies that it contains the expected checksum. In addition, keyring_encrypted_file encrypts file contents using AES before writing the file, and decrypts file contents after reading the file.
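A small model of the two safeguards described above (the .backup file used for transactional writes, and the SHA-256 checksum verified before an update), added here as an illustration rather than the plugin's own code. The file layout, the function names and the placeholder key bytes are assumptions of this model, and the AES layer the plugin applies on top is omitted.

```python
import hashlib
import os
import shutil
import tempfile

def write_keyring(path: str, payload: bytes) -> str:
    # Constructed layout (the real plugin's AES layer is omitted): hex SHA-256 line, then payload.
    digest = hashlib.sha256(payload).hexdigest()
    with open(path, "wb") as fh:
        fh.write(digest.encode() + b"\n" + payload)
    return digest

def read_keyring(path: str):
    with open(path, "rb") as fh:
        stored, _, payload = fh.read().partition(b"\n")
    if stored.decode(errors="replace") != hashlib.sha256(payload).hexdigest():
        raise ValueError("checksum mismatch: file corrupted or not a keyring")
    return stored.decode(), payload

def flush_keys(path: str, expected_digest: str, new_payload: bytes) -> str:
    # Transactional write: confirm the file is the one last flushed, keep a <path>.backup copy, roll back on failure.
    backup = path + ".backup"
    stored, _ = read_keyring(path)
    if stored != expected_digest:
        raise ValueError("file is not the keyring last flushed; refusing to overwrite")
    shutil.copyfile(path, backup)
    try:
        return write_keyring(path, new_payload)
    except Exception:
        shutil.copyfile(backup, path)  # roll back to the original file
        raise
    finally:
        os.remove(backup)

def demo() -> dict:
    # Constructed scenario in a scratch directory; key bytes are placeholders, not real key material.
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "keyring-encrypted")
    d1 = write_keyring(path, b"MyKey:AES:" + b"\x00" * 32)
    d2 = flush_keys(path, d1, b"MyKey:AES:" + b"\x11" * 32)
    result = {"updated": read_keyring(path)[1].endswith(b"\x11" * 32), "backup_cleaned": not os.path.exists(path + ".backup")}
    with open(path, "ab") as fh:
        fh.write(b"x")  # simulate on-disk corruption before the next flush
    try:
        flush_keys(path, d2, b"MyKey:AES:" + b"\x22" * 32)
        result["corruption_rejected"] = False
    except ValueError:
        result["corruption_rejected"] = True
    shutil.rmtree(workdir)
    return result
```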

The keyring_encrypted_file plugin supports the functions that comprise the standard MySQL Keyring service interface. Keyring operations performed by those functions are accessible at two levels:

Example (using the SQL interface):

SELECT keyring_key_generate('MyKey', 'AES', 32);
SELECT keyring_key_remove('MyKey');

For information about the characteristics of key values permitted by keyring_encrypted_file, see Section 6.4.4.12, “Supported Keyring Key Types and Lengths”.