Comments - Data-at-Rest Encryption Overview

7 years, 5 months ago Kolbe Kegel

When a key is rotated in AWS KMS, it keeps the same key alias and earlier versions of the key are still available for decryption. Take a look at http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html for more information. Local key rotation, done by MariaDB Server, causes the new version of the key to be written to a file in your datadir. Old versions of the key are kept as well, since they'll be needed to decrypt tables/pages/logs encrypted using earlier versions of the key. When you're certain that an older version of a key is no longer needed, you can delete the corresponding file from the datadir.
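An added example, not part of the comment above or of MariaDB's documentation: one way to see which key versions InnoDB tablespaces still depend on before removing an old key file is to query `information_schema.INNODB_TABLESPACES_ENCRYPTION`. It covers InnoDB tablespaces only; the logs the comment mentions, and any backups taken under older key versions, are assumed to be checked separately.

```sql
-- Added example: per encryption key ID, the oldest key version that any
-- encrypted InnoDB tablespace still has pages encrypted with.
-- Key versions lower than oldest_version_in_use are no longer needed by
-- InnoDB tablespaces (this says nothing about logs or old backups).
SELECT
    CURRENT_KEY_ID             AS key_id,
    MIN(MIN_KEY_VERSION)       AS oldest_version_in_use,
    MAX(CURRENT_KEY_VERSION)   AS latest_version,
    SUM(ROTATING_OR_FLUSHING)  AS tablespaces_still_rotating,
    COUNT(*)                   AS encrypted_tablespaces
FROM information_schema.INNODB_TABLESPACES_ENCRYPTION
WHERE ENCRYPTION_SCHEME <> 0          -- 0 means the tablespace is not encrypted
GROUP BY CURRENT_KEY_ID
ORDER BY CURRENT_KEY_ID;

-- The individual tablespaces that still hold pages encrypted with an
-- older key version, i.e. the ones that pin old key files in place.
SELECT
    NAME,
    CURRENT_KEY_ID,
    MIN_KEY_VERSION,
    CURRENT_KEY_VERSION,
    ROTATING_OR_FLUSHING
FROM information_schema.INNODB_TABLESPACES_ENCRYPTION
WHERE ENCRYPTION_SCHEME <> 0
  AND MIN_KEY_VERSION < CURRENT_KEY_VERSION
ORDER BY CURRENT_KEY_ID, MIN_KEY_VERSION, NAME;
```

A non-zero `tablespaces_still_rotating` means background re-encryption has not finished, so the reported oldest version can still rise.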

 