Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-20098

Implement key rotation for binary log and relay log

    XMLWordPrintable

    Details

      Description

      In version 3.2.1 of the PCI DSS, sections 3.6.4 and 3.6.5 say that applications must have procedures for changing or replacing encryption keys.

      https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss

      For encryption of the binary log and the relay log, if an encryption key is rotated, then I believe that existing binary logs and relay logs continue to use the old version of the encryption key. As far as I know, MariaDB does not have any mechanism to re-encrypt binary logs and relay logs with a new encryption key or a new version of an encryption key. This limitation would make it a bit more difficult for our users to satisfy these requirements of the PCI DSS.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Elkin Andrei Elkin
              Reporter:
              GeoffMontee Geoff Montee
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: