Bug #117311 Offline keyring migration from plugin to component fails on Windows
Submitted: 28 Jan 8:55
Modified: 28 Jan 14:10
Reporter: Uwe Sander
Status: Not a Bug
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 8.0.41
OS: Windows (Windows 11)
Assigned to:
CPU Architecture: x86
Tags: documentation

[28 Jan 8:55] Uwe Sander
Description:
In a MySQL server 8.0.41 instance on Windows, I want to migrate the keyring plugin to a component_keyring_file component using the offline key migration as described here: https://dev.mysql.com/doc/refman/8.0/en/keyring-key-migration.html

The keyring plugin is activated in my my.ini which looks like this:

---
[client]
port=3306

[mysql]
default-character-set=utf8mb4

[mysqld]
bind-address = 127.0.0.1
port=3306
basedir=C:/mysql/
datadir=C:/Users/user1/mysqldata
collation-server=utf8mb4_general_ci
character-set-server=utf8mb4
pid-file=mysqld.pid
disable-log-bin
sql-mode="STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION"
innodb_buffer_pool_size=1G
innodb_log_file_size=256M
max_allowed_packet=128M
secure_file_priv=""
lower_case_table_names=1
            
early-plugin-load=keyring_file.dll
keyring_file_data=C:/Users/user1/mysqlkeyring/keyring
---

Running

SELECT * FROM performance_schema.keyring_keys; 

confirms there are multiple keys in my keyring.

To activate the component_keyring_file component, I added a mysqld.my file into C:\mysql\bin. It looks like this:

---
{
  "read_local_manifest": false,
  "components": "file://component_keyring_file"
}
---

In addition to that, I added a component_keyring_file.cnf file into C:\mysql\lib\plugin. It looks like this:

---
  "read_local_config": false,
  "path": "C:/Users/user1/mysqlkeyring/component_keyring_file.key",
  "read_only": false
---

Running

SELECT * FROM performance_schema.keyring_component_status;

confirms the keyring component has been activated successfully:

Component_name	       component_keyring_file
Author	               Oracle Corporation
License	               GPL
Implementation_name    component_keyring_file
Version	               1.0
Component_status       Active
Data_file	       C:/Users/user1/mysqlkeyring/component_keyring_file.key
Read_only	       No

But when I shut down the MySQL server and try to run the keyring migration tool as 

.\mysqld.exe --defaults-file=<path_to_my.ini> --keyring-migration-to-component --keyring-migration-source=keyring_file.dll --keyring-migration-destination=component_keyring_file.dll

I get the following output:

mysqld: Cannot load component from specified URN: 'file://component_keyring_file'.
2025-01-28T08:00:18.864292Z 0 [Warning] [MY-010915] [Server] 'NO_ZERO_DATE', 'NO_ZERO_IN_DATE' and 'ERROR_FOR_DIVISION_BY_ZERO' sql modes should be used with strict mode. They will be merged with strict mode in a future release.
2025-01-28T08:00:18.864393Z 0 [Warning] [MY-010097] [Server] Insecure configuration for --secure-file-priv: Current value does not restrict location of generated files. Consider setting it to a valid, non-empty path.
2025-01-28T08:00:18.864426Z 0 [System] [MY-010116] [Server] C:\mysql\bin\mysqld.exe (mysqld 8.0.41) starting as process 1728
2025-01-28T08:00:18.867454Z 0 [Warning] [MY-013360] [Server] Plugin keyring_file reported: ''keyring_file plugin' is deprecated and will be removed in a future release. Please use component_keyring_file instead'
2025-01-28T08:00:18.873237Z 0 [ERROR] [MY-013106] [Server] Can not perform keyring migration : Failed to initialize destination keyring.
2025-01-28T08:00:18.873264Z 0 [ERROR] [MY-011084] [Server] Keyring migration failed.
2025-01-28T08:00:18.873523Z 0 [ERROR] [MY-010119] [Server] Aborting
2025-01-28T08:00:18.873920Z 0 [System] [MY-010910] [Server] C:\mysql\bin\mysqld.exe: Shutdown complete (mysqld 8.0.41)  MySQL Community Server - GPL.

I see the same output when I try to run the online migration with a running DB server.

I would expect the migration server to load the component successfully if the regular MySQL server can load it successfully.

A similar issue (on Linux) has been reported here: https://dba.stackexchange.com/q/343573

Thank you for your support.

How to repeat:
1. Install MySQL Server 8.0.41 on Windows

2. Configure MySQL to use the my.ini file listed in the bug description.

3. Add a key to the keyring:

INSTALL PLUGIN keyring_udf SONAME 'keyring_udf.dll';

CREATE FUNCTION keyring_key_generate RETURNS INTEGER
SONAME 'keyring_udf.dll';
 
SELECT keyring_key_generate('MyKey', 'AES', 32);

4. Activate the component_keyring_file component by adding the mysqld.my and component_keyring_file.cnf files according to the official documentation.

5. Run .\mysqld.exe --defaults-file=<path_to_my.ini> --keyring-migration-to-component --keyring-migration-source=keyring_file.dll --keyring-migration-destination=component_keyring_file.dll

[28 Jan 8:58] Uwe Sander
Oops, I forgot to add the opening and closing brackets to the contents of the component_keyring_file.cnf file in my submission. I do have them in my actual configuration file.

[28 Jan 14:08] Uwe Sander
I found out how to successfully run the keyring migration: The manifest file (mysqld.my) must *not* exist in the /bin directory when the migration server is started. The component_keyring_file.cnf file, however, must exist.

When the migration has been performed successfully, the manifest file must be added manually before the MySQL server can be started using the keyring component now instead of the keyring plugin.

From my point of view, the official documentation is unclear about this detail and should be improved. I was pointed in the right direction only after I read the documentation that is available in the Oracle customer portal for people with commercial support. This documentation includes the following paragraph:

"If the migration fails and gives an error showing:
  'Failed to initialize destination keyring'
This is because you have a manifest file in the installation directory already. Remove the manifest file (check component is not already being used) and try the migration again."

This bug can be closed.

[28 Jan 14:10] Uwe Sander
Closing as 'not a bug'. Official documentation should be improved.
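
The workaround from the 28 Jan 14:08 comment, written as a PowerShell script: it checks component_keyring_file.cnf, sets mysqld.my aside, runs the migration command from the report, and puts the manifest back. This is an added example, not part of the original report or of MySQL's tooling; the -BaseDir default, the ".parked" backup name, the single-instance process check and the exit-code check are assumptions.

```powershell
# Added example, not from the bug report. Defaults follow the report's layout (C:\mysql).
param(
    [string]$BaseDir = 'C:\mysql',
    [Parameter(Mandatory)][string]$DefaultsFile
)
$ErrorActionPreference = 'Stop'

$mysqld   = Join-Path $BaseDir 'bin\mysqld.exe'
$manifest = Join-Path $BaseDir 'bin\mysqld.my'
$parked   = "$manifest.parked"   # hypothetical name for the set-aside manifest
$compCnf  = Join-Path $BaseDir 'lib\plugin\component_keyring_file.cnf'

# Offline migration: refuse to run while a server process is up
# (assumes a single MySQL instance on this host).
if (Get-Process -Name mysqld -ErrorAction SilentlyContinue) {
    throw 'mysqld is running; shut it down first.'
}

# The component config must exist and be one complete JSON object with a "path".
# A file that lost its outer braces is caught here instead of inside mysqld.
if (-not (Test-Path -LiteralPath $compCnf)) { throw "Missing $compCnf" }
try   { $cfg = Get-Content -LiteralPath $compCnf -Raw | ConvertFrom-Json }
catch { throw "$compCnf is not valid JSON: $($_.Exception.Message)" }
if (-not $cfg.path) { throw "$compCnf has no 'path' entry." }

# Set the manifest aside; with it present the migration server reports
# "Failed to initialize destination keyring".
$hadManifest = Test-Path -LiteralPath $manifest
if ($hadManifest) { Move-Item -LiteralPath $manifest -Destination $parked }

$migrationArgs = @(          # quoted so PowerShell passes each option as one token
    "--defaults-file=$DefaultsFile",
    '--keyring-migration-to-component',
    '--keyring-migration-source=keyring_file.dll',
    '--keyring-migration-destination=component_keyring_file.dll'
)
try {
    & $mysqld @migrationArgs
    $rc = $LASTEXITCODE      # assumption: non-zero when the migration aborts
}
finally {
    # Restore the manifest either way, returning bin\ to its prior state.
    if ($hadManifest) { Move-Item -LiteralPath $parked -Destination $manifest }
}

if ($rc -ne 0) { throw "Keyring migration failed (mysqld exit code $rc)." }
if (-not $hadManifest) {
    Write-Warning "Create $manifest before starting the server on the component."
}
"Migrated keys into $($cfg.path)"
```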