Comments - Encryption Key Management
Content reproduced on this site is the property of its respective owners,
and this content is not reviewed in advance by MariaDB. The views, information and opinions
expressed by this content do not necessarily represent those of MariaDB or any other party.
do you know if Mariadb checks for the key at start up time only?
IN other words, with the File Key Management Plugin set up, would Mariadb still run if the key is co-located someplace else off the server?
We've set up File key mgt plugin and it works well,. and looking now for a quick solution even it requires a some ad-hoc manual process to move the key on and off server.
Thanks!
There is a small typo:
# openssl enc -aes-256-cbc -md sha11 -k your_passwd \ -in /etc/mysql/keys -out /etc/mysql/keys.encShould be:
# openssl enc -aes-256-cbc -md sha1 -k your_passwd \ -in /etc/mysql/keys -out /etc/mysql/keys.encsha11 doesn't exist.
Fixed. Much obliged.
Thanks to you. BTW: Maybe I spotted another one while trying to use the instructions (I can't manage to load file_management_plugin from .cnf file... sigh).
The config sample uses:
file_key_management_encryption
while the variable should be:
file_key_management_encryption_algorithm
either one or the other is wrong (which one?)
file_key_management_encryption_algorithm - works for me
you need also install plugin using SQL command:
install plugin FILE_KEY_MANAGEMENT soname 'file_key_management';
The plugin installation will work is configuration is correct - the errors will describe where the potential mistake appears.
Thanks.
The *_algorithm is the right one, I've already managed to make it work. There was a problem of file rights (the files where only root readable, but the mysqld switched to mysql before reading).