lukesmurray
commented
5 years ago started messing around with this and its harder than expected. The keyring file needs to be stored in a directory that only mysql can access, so it cannot be passed as a docker volume. I believe this could be implemented on the server without too much effort. I don't want to stop local development with docker so I think an alternative solution would be worth looking in to.
Mysql support database encryption where the data is only encrypted in the database is returned to the application unencrypted. This is called data at rest encryption.
https://dev.mysql.com/doc/refman/5.7/en/faqs-tablespace-encryption.html
I believe this would be the easiest way to encrypt data in the database since it requires no changes on the application side.