Yes. That will be caught by badger as “Encryption Key Mismatch” and panic. @ibrahim can we return an error instead so dgraph can propagate a useful log and exit gracefully?
Also, I realized even the mechanism to “change” an encryption key is not clean. It needs to be exported and then live-loaded onto an alpha with the new key. Bulk/Restore assumes same key for encryption and decryption.
Summarizing
Fixes:
- Allow Bulk/Restore to have enc-key and dec-key. (Paras). This will allow changing keys and removing encryption.
- exit dgraph gracefully when error on key. (Paras)
- badger to send error when key mismatches. (Ibrahim)
- More tests (Ibrahim and Paras)