MySQL 8.0.40
Source Code Documentation
Classes
struct s_mysql_keyring_aes
    Keyring aes encryption service provides APIs to perform AES encryption/decryption operation on given data.
struct s_mysql_keyring_generator
    Key generator service provides a way to generate random data and store it in keyring backend.
struct s_mysql_keyring_keys_metadata_iterator
    Keyring keys metadata iterator service provides APIs to create and use iterator to access metadata associated with all keys stored in keyring.
struct s_mysql_keyring_load
    Keyring load service provides a way to initialize or reinitialize keyring component.
struct s_mysql_keyring_component_status
    Keyring component status provides a way to check whether keyring is active or not.
struct s_mysql_keyring_component_metadata_query
    Keyring component metadata query service provides APIs to obtain component specific metadata in string format.
struct s_mysql_keyring_reader_with_status
    Keyring reader with status service provides APIs to fetch sensitive data from keyring backend.
struct s_mysql_keyring_writer
    Keyring writer service provides APIs to add/remove sensitive data to/from keyring backend.
Typedefs
typedef struct s_mysql_keyring_aes mysql_service_keyring_aes_t
    Keyring aes encryption service provides APIs to perform AES encryption/decryption operation on given data.
typedef struct s_mysql_keyring_generator mysql_service_keyring_generator_t
    Key generator service provides a way to generate random data and store it in keyring backend.
typedef struct s_mysql_keyring_keys_metadata_iterator mysql_service_keyring_keys_metadata_iterator_t
    Keyring keys metadata iterator service provides APIs to create and use iterator to access metadata associated with all keys stored in keyring.
typedef struct s_mysql_keyring_load mysql_service_keyring_load_t
    Keyring load service provides a way to initialize or reinitialize keyring component.
typedef struct s_mysql_keyring_component_status mysql_service_keyring_component_status_t
    Keyring component status provides a way to check whether keyring is active or not.
typedef struct s_mysql_keyring_component_metadata_query mysql_service_keyring_component_metadata_query_t
    Keyring component metadata query service provides APIs to obtain component specific metadata in string format.
typedef struct s_mysql_keyring_reader_with_status mysql_service_keyring_reader_with_status_t
    Keyring reader with status service provides APIs to fetch sensitive data from keyring backend.
typedef struct s_mysql_keyring_writer mysql_service_keyring_writer_t
    Keyring writer service provides APIs to add/remove sensitive data to/from keyring backend.
typedef struct s_mysql_keyring_aes mysql_service_keyring_aes_t
Keyring aes encryption service provides APIs to perform AES encryption/decryption operation on given data.
These methods make sure that the key never leaves the keyring component.
typedef struct s_mysql_keyring_component_metadata_query mysql_service_keyring_component_metadata_query_t
Keyring component metadata query service provides APIs to obtain component specific metadata in string format.
Metadata is provided as (key, value) pairs.
The implementor can decide what metadata should be exposed through these APIs.
One of the primary consumers of this metadata is the Performance Schema table keyring_component_status.
Keyring component status provides a way to check whether keyring is active or not.
typedef struct s_mysql_keyring_generator mysql_service_keyring_generator_t
Key generator service provides a way to generate random data and store it in keyring backend.
Data stored within keyring should be uniquely identified using:
This service does not return the generated data back to the user. For that, the Keyring reader service should be used.
typedef struct s_mysql_keyring_keys_metadata_iterator mysql_service_keyring_keys_metadata_iterator_t
Keyring keys metadata iterator service provides APIs to create and use iterator to access metadata associated with all keys stored in keyring.
typedef struct s_mysql_keyring_load mysql_service_keyring_load_t
Keyring load service provides a way to initialize or reinitialize keyring component.
This must be implemented by any component that aims at providing keyring functionality.
Keyring reader with status service provides APIs to fetch sensitive data from keyring backend.
It is designed to be compatible with the corresponding plugin method, which returns the state of the keyring as well.
Data stored within keyring should be uniquely identified using:
fetch and fetch_length APIs return a value indicating one of the 3 possible states.
The implementor can choose to:
A. Read data from the backend on each request
B. Cache data in memory and serve read requests from the cache
In case of B, care should be taken to keep cached data in sync with the backend.
To go one step further, an implementation may let the user choose the behavior (cached or otherwise) for read operations through configuration options.
typedef struct s_mysql_keyring_writer mysql_service_keyring_writer_t
Keyring writer service provides APIs to add/remove sensitive data to/from keyring backend.
Data stored within keyring should be uniquely identified using: