Understanding the HashiCorp Vault Encryption Plugin
This page is part of MariaDB's Documentation.
The parent of this page is: HashiCorp Vault
Topics on this page:
Overview
The HashiCorp Vault Encryption Plugin (hashicorp_key_management
) integrates with HashiCorp Vault. It is available in MariaDB Enterprise Server 10.4.18-11 and later.
When to Use the HashiCorp Vault Encryption Plugin?
The HashiCorp Vault Encryption Plugin (hashicorp_key_management
) allows you to:
Use HashiCorp Vault. to manage MariaDB's encryption keys.
Encrypt MariaDB data using those keys, including:
Rotate encryption keys.
About HashiCorp Vault
HashiCorp Vault is an open source KMS that provides many advanced features:
Data-at-rest encryption using AES-256 in Galois Counter Mode (GCM)
Data-in-transit encryption between Vault and server using TLS
HashiCorp also provides an Enterprise version of Vault, which has even more features. MariaDB Enterprise Server 10.4 and later support both the Open Source and Enterprise versions.