MySQL 8.0.40
Source Code Documentation
|
MySQL Keyring infrastructure consists of following parts:
One of the most important usecase for using keyring infrastructure is to support encryption for data at rest. A program like MySQL server stores data on file system. If someone gets access to this data, all sensitive information will be exposed. In order to protect such an offline threat, data should be stored in an encrypted manner. Keyring infrastructure helps managing key(s) secure. By using keyring component APIs, program does not have to worry about how keyring server manages these keys.
In order to support transparent data encryption usecase, it is imperative that keyring is available very early in start-up sequence. That's why keyring component should be able to load only using minmal chassis framework. See The Minimal Chassis for more details on minimal chassis.
Keyring component services provide a way for a binary to communicate to diffierent key management server/backend in a uniform manner. The complexity to use the actual key management server/backend are hidden by these services.
Keyring component services can be devided in 4 parts:
These services provide ways to manage sensitive data Examples: fetch, generate, store, remove sensitive data.
List of services:
These services provide functionality using data stored in keyring. Examples: encryption services using keys stored in keyring
List of services:
These services are responisble for making sure that keyring is operational. Examples: load service
List of services:
These services provide information about keyring component's status. Example: component metadata in {key, value} format
List of services:
Refer to Keyring component services for details of keyring component services.