The AWS KMS Encryption Plugin (aws_key_management) integrates with Amazon Web Services (AWS) KMS
The AWS KMS Encryption Plugin (aws_key_management) allows you to:
Use AWS KMS to manage MariaDB's encryption keys.
Encrypt MariaDB data using those keys, including:
Rotate encryption keys.
Additional information is available .
MariaDB's encryption plugins provide transparent data encryption (TDE) for stored data, securing tablespaces and logs to protect sensitive information and meet compliance.
MariaDB Enterprise Server and MariaDB Community Server support , which secures data on the file system. The server and storage engines encrypt data before writing and decrypt during reads, ensuring that the data is only unencrypted when accessed directly through the server.
They support multiple encryption plugins, which are suited for different use cases.
No
It integrates with HashiCorp Vault
It supports key rotation
It securely communicates with the remote KMS using TLS.
It integrates with AWS KMS
It supports key rotation
It must be compiled from source
Stores encryption keys in a local plain-text key file
The plain-text key file can be encrypted
It does not support key rotation.
Supported by MariaDB Enterprise Server
Yes
Yes
Yes
Supported by MariaDB Community Server
No
Yes
Yes
Supports key rotation
Yes
Yes
This page is: Copyright © 2025 MariaDB. All rights reserved.
This page is: Copyright © 2025 MariaDB. All rights reserved.