[#MXS-4131] Create a generic key management facility

KMIP Binlog Data At Rest Encryption (MXS-2662) [MXS-4131] Create a generic key management facility Created: 2022-05-11 Updated: 2022-06-15 Resolved: 2022-06-15
Status:	Closed
Project:	MariaDB MaxScale
Component/s:	Core
Affects Version/s:	None
Fix Version/s:	22.08.0

Type:

Sub-Task

Priority:

Major

Reporter:

markus makela

Assignee:

markus makela

Resolution:

Fixed

Votes:

Labels:

None

Sprint:

MXS-SPRINT-157, MXS-SPRINT-158, MXS-SPRINT-159, MXS-SPRINT-160, MXS-SPRINT-161, MXS-SPRINT-162

Description

Storing encryption keys on the same filesystem where the encryped data is located is not the most secure way of handling things but above all it is not a convenient way to enforce policies on key rotation or expiration. Making the key retrieval process generic enough that it can be extended to support multiple providers would make implementing them easier. For starters, the existing file-based encryption is the only one that is needed to verify that the encryption in the binlogrouter works.

Generated at Thu Feb 08 04:26:26 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MXS-4131] Create a generic key management facility Created: 2022-05-11 Updated: 2022-06-15 Resolved: 2022-06-15