Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-9659

Create encryption plugin that utilizes AWS Key Management Service

    XMLWordPrintable

Details

    • 10.2.0-7, 10.2.0-8

    Description

      • Whenever a new key or a key version is required (e.g CREATE TABLE ... ENCRYPTED=YES), plugins issues GenerateDataKeyWithoutPlaintext AWS API call to generate a new datakey, and stores ciphered key it in a file in the data directory. The file name for a key-number $key and version $ver will be aws-kms-key.$key.$ver
      • Ciphered datakeys are decrypted(in memory) using Decrypt API call , and returned by get_key() encryption API calls.
      • The data is encrypted with plain key, using AES-128 or AES-256 , depending on plain key length.

      Attachments

        Activity

          People

            wlad Vladislav Vaintroub
            wlad Vladislav Vaintroub
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.