Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-9659

Create encryption plugin that utilizes AWS Key Management Service

Details

    • 10.2.0-7, 10.2.0-8

    Description

      • Whenever a new key or a key version is required (e.g CREATE TABLE ... ENCRYPTED=YES), plugins issues GenerateDataKeyWithoutPlaintext AWS API call to generate a new datakey, and stores ciphered key it in a file in the data directory. The file name for a key-number $key and version $ver will be aws-kms-key.$key.$ver
      • Ciphered datakeys are decrypted(in memory) using Decrypt API call , and returned by get_key() encryption API calls.
      • The data is encrypted with plain key, using AES-128 or AES-256 , depending on plain key length.

      Attachments

        Activity

          Transition Time In Source Status Execution Times
          Vladislav Vaintroub made transition -
          Open In Progress
          		3d 10h 18m 1
          Vladislav Vaintroub made transition -
          In Progress In Review
          		10m 53s 1
          Sergei Golubchik made transition -
          In Review Stalled
          		3d 21h 43m 1
          Vladislav Vaintroub made transition -
          Stalled Closed
          		6d 1h 9m 1

          People

            wlad Vladislav Vaintroub
            wlad Vladislav Vaintroub
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.