[#MDEV-17290] Mechanism for encrypting ssl

[MDEV-17290] Mechanism for encrypting ssl_key Created: 2018-09-25 Updated: 2023-11-30
Status:	Open
Project:	MariaDB Server
Component/s:	Encryption, Plugin - pam, Server, SSL
Fix Version/s:	None

Type:

New Feature

Priority:

Minor

Reporter:

Nick Bolton

Assignee:

Unassigned

Resolution:

Unresolved

Votes:

Labels:

None

Issue Links:

PartOf
is part of	MDEV-14091	Support for passphrase protected keys	Open

Description

The ssl_key setting is used to defined the private key used for SSL/TLS connections.

We need the ability to obfuscate the contents of that file, e.g. as a PKCS#12 keystore like some of the clients support. Request is to add a mechanism for specifying a keystore password in the configuration.
Ideally, this will have the option to use a file or a value; as with "file_key_management_filekey=FILE:" in the file_key_management plugin.

Comments

Comment by Sergei Golubchik [ 2018-10-01 ]

would MDEV-14091 do what you need?

Comment by Nick Bolton [ 2018-10-01 ]

This could well be merged into MDEV-14091.
We need a parameter such as "ssl-passphrase" so the keystore can be obfuscated, in-line with the data at rest keystore.

Generated at Thu Feb 08 08:35:21 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-17290] Mechanism for encrypting ssl_key Created: 2018-09-25 Updated: 2023-11-30