MariaDB AWS Key Management Service (KMS) Encryption Plugin

Storage Architecture 2016-04-21

MariaDB 10.1 introduced Data at Rest Encryption. By default we provide a file_key_management plugin. This is a basic plugin that stores keys in a file, which can itself be encrypted. The file can come from a USB stick that is removed once the keys have been loaded into memory. But this remains a basic solution that is not suitable for security compliance rules.

To secure keys in a better way we have introduced a new plugin called the Amazon Web Services (AWS) Key Management Service (KMS) Encryption Plugin. We provide a setup guide and an advanced setup guide with some nice Go code to do two-factor authentication (sample code written by Kolbe).
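
To make the difference between the two plugins concrete, here is a my.cnf sketch of each, added as an illustration and not taken from the original post or the setup guides. The file paths, the key alias and the region are placeholders; the option names are the plugins' documented system variables.

```ini
# Added example. Paths, key alias and region below are placeholders.
# Only one key management plugin should be active at a time, so the
# file-based variant is shown disabled (lines starting with ';').

[mariadb]

# --- Variant 1: file_key_management (keys live on the database host) ---
# Key file holds "<key id>;<hex-encoded key>" lines, optionally encrypted.
;plugin_load_add = file_key_management
;file_key_management_filename = /etc/mysql/encryption/keyfile.enc
# Password used to decrypt the key file. Anyone who can read both files
# on this host can recover every table key.
;file_key_management_filekey = FILE:/etc/mysql/encryption/keyfile.key

# --- Variant 2: aws_key_management (master key stays in AWS KMS) ---
# Table keys are written to the data directory only in KMS-encrypted form
# and are decrypted through KMS, so the server needs AWS credentials that
# are allowed to use this master key.
plugin_load_add = aws_key_management
aws_key_management_master_key_id = alias/EXAMPLE-mariadb-encryption
aws_key_management_region = us-east-1
aws_key_management_key_spec = AES_256

# --- Common to both variants: what actually gets encrypted ---
innodb_encrypt_tables = ON
innodb_encrypt_log = ON
encrypt_tmp_files = ON
encrypt_binlog = ON
```

With the second variant, access to the master key can be restricted and revoked on the AWS side (key policy, IAM), independently of who has file system access to the database host.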

The AWS KMS encryption plugin is only compiled in the MariaDB Enterprise binaries. The source code of this plugin is GPL and part of the MariaDB Server repository, available here. The instructions for building the plugin from source are there.

This plugin is a good example of how to write a plugin that interfaces with a KMS. It can serve as a model for developing plugins for other KMSs (Thales, Gemalto/Safenet, Azure Key Vault…). The KMS itself can be software only or associated with an HSM (Hardware Security Module) to introduce hardware-protected keys and hardware encryption through a cryptoprocessor. For some businesses this is part of compliance rules (PCI PTS).

Content by: Serge Frezefond's blog (source link). Thank you for your support!
