MariaDB ColumnStore credentials management (6.2.3+) encrypts ColumnStore.xml passwords via the cskeys and cspasswd utilities, with keys stored at /var/lib/columnstore/.secrets.
Overview
Starting with MariaDB ColumnStore 6.2.3, ColumnStore supports encryption for user passwords stored in ColumnStore.xml:
Encryption keys are created with the cskeys utility
Passwords are encrypted using the cspasswd utility
Compatibility
MariaDB ColumnStore 6
MariaDB ColumnStore 22.08
MariaDB ColumnStore 23.02
Encryption Keys
MariaDB ColumnStore stores its password encryption keys in the plain-text file /var/lib/columnstore/.secrets.
The encryption keys are not created by default, but can be generated by executing the cskeys utility:
$ cskeys
In a multi-node Enterprise ColumnStore cluster, every ColumnStore node should have the same encryption keys. Therefore, it is recommended to execute cskeys on the primary server and then copy /var/lib/columnstore/.secrets to every other ColumnStore node and fix the file's permissions:
Security vulnerabilities (CVEs) fixed in MariaDB ColumnStore, with links to release notes and the MariaDB Server CVE list; no known CVEs are open on ColumnStore-specific infrastructure.
This page is about security vulnerabilities that have been fixed for or still affect MariaDB ColumnStore. In addition, links are included to fixed security vulnerabilities in MariaDB Server since MariaDB ColumnStore is based on MariaDB Server.
Sensitive security issues can be sent directly to the persons responsible for MariaDB security: security [AT] mariadb (dot) org.
About CVEs
CVE® stands for "Common Vulnerabilities and Exposures". It is
a publicly available and free-to-use database of known software
vulnerabilities maintained at
CVEs fixed in ColumnStore
The appropriate release notes listed document CVEs fixed within a given release. Additional information can also be found at .
There are no known CVEs on ColumnStore-specific infrastructure outside of the MariaDB server at this time.