MySQL 8.4.0
Source Code Documentation
s_mysql_keyring_writer Struct Reference

Keyring writer service provides APIs to add/remove sensitive data to/from keyring backend.

#include <keyring_writer.h>

Public Attributes

mysql_service_status_t(* store )(const char *data_id, const char *auth_id, const unsigned char *data, size_t data_size, const char *data_type)
 Store data identified with (data_id, auth_id) in keyring backend.
 
mysql_service_status_t(* remove )(const char *data_id, const char *auth_id)
 Remove data identified by (data_id, auth_id) from keyring backend if present.
 

Detailed Description

Keyring writer service provides APIs to add/remove sensitive data to/from keyring backend.

Data stored within keyring should be uniquely identified using:

  1. Data ID: An identifier associated with the data, supplied by the keyring APIs' callers.
  2. Auth ID: An identifier associated with the owner of the data, supplied by the keyring APIs' callers. If Auth ID is not provided, the key is treated as an internal key. Such a key shall not be accessible to database users using the SQL interface.
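
    // Returns false on success and true on failure, matching the service status.
    bool write_key(const char *data_id, const char *auth_id,
                   const unsigned char *data_buffer, size_t data_length,
                   const char *data_type) {
      // Acquire the keyring_writer service from the registry (RAII handle).
      my_service<SERVICE_TYPE(keyring_writer)> keyring_writer("keyring_writer",
                                                              m_reg_srv);
      if (!keyring_writer.is_valid()) {
        return true;  // service not available: report failure
      }
      return keyring_writer->store(data_id, auth_id, data_buffer, data_length,
                                   data_type);
    }

    // Returns false on success (including "key not present") and true on failure.
    bool remove_key(const char *data_id, const char *auth_id) {
      my_service<SERVICE_TYPE(keyring_writer)> keyring_writer("keyring_writer",
                                                              m_reg_srv);
      if (!keyring_writer.is_valid()) {
        return true;  // service not available: report failure
      }
      return keyring_writer->remove(data_id, auth_id);
    }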

Member Data Documentation

◆ remove

mysql_service_status_t(* s_mysql_keyring_writer::remove) (const char *data_id, const char *auth_id)

Remove data identified by (data_id, auth_id) from keyring backend if present.

Data_type value is implementation specific. It associates type label with data which may be an important indicator for certain backends.

Examples: AES, SECRET

Once removed, data should not be accessible through the keyring implementation. Depending on the keyring backend, the implementor may decide either to destroy the data completely or to change the state of the data to make it unavailable.

Parameters
  [in] data_id  Data Identifier. Byte string.
  [in] auth_id  Authorization ID. Byte string.
Returns
  status of the operation
Return values
  false  Success - Key removed successfully or key not present.
  true   Failure

◆ store

mysql_service_status_t(* s_mysql_keyring_writer::store) (const char *data_id, const char *auth_id, const unsigned char *data, size_t data_size, const char *data_type)

Store data identified with (data_id, auth_id) in keyring backend.

Data_type value is implementation specific. It associates type label with data which may be an important indicator for certain backends.

Examples: AES, SECRET

Note: If a component wants to support the aes_encryption service, it must support storing data of type AES.

A success status implies that data is stored persistently on keyring backend and shall always be available for access unless removed explicitly.

Note
  Implementation can restrict type and/or size of data that can be stored in keyring.
Parameters
  [in] data_id    Data Identifier. Byte string.
  [in] auth_id    Authorization ID. Byte string.
  [in] data       Data to be stored. Byte string.
  [in] data_size  Size of data to be stored
  [in] data_type  Type of data. ASCII. Null terminated.
Returns
  status of the operation
Return values
  false  Success - Data is stored successfully in backend
  true   Failure
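
The contract documented above (entries keyed by (data_id, auth_id), false on success, removal succeeding when the key is absent, backend-imposed size limits) exercised against an in-memory stand-in. This is an added example, not MySQL source: mock_keyring_writer, the local mysql_service_status_t typedef, the 64-byte limit and the rejection of duplicate stores are assumptions of the mock.

```cpp
#include <cstddef>
#include <map>
#include <string>
#include <utility>
#include <vector>

typedef int mysql_service_status_t;  // stand-in: 0 (false) = success, else failure
struct mock_keyring_writer {         // same member signatures as on this page
  mysql_service_status_t (*store)(const char *data_id, const char *auth_id,
                                  const unsigned char *data, size_t data_size,
                                  const char *data_type);
  mysql_service_status_t (*remove)(const char *data_id, const char *auth_id);
};
struct Entry { std::vector<unsigned char> data; std::string type; };
typedef std::pair<std::string, std::string> KeyId;  // (data_id, auth_id)
static std::map<KeyId, Entry> g_backend;            // constructed in-memory backend
static const size_t kMaxDataSize = 64;              // assumed limit of this mock
static KeyId make_id(const char *data_id, const char *auth_id) {
  // A missing Auth ID marks an internal key: stored under an empty owner.
  return KeyId(data_id, auth_id ? auth_id : "");
}
static mysql_service_status_t mock_store(const char *data_id, const char *auth_id,
                                         const unsigned char *data, size_t data_size,
                                         const char *data_type) {
  if (!data_id || !*data_id || !data || !data_type) return 1;
  if (data_size == 0 || data_size > kMaxDataSize) return 1;  // size restriction
  KeyId id = make_id(data_id, auth_id);
  if (g_backend.count(id)) return 1;  // assumption of this mock: no silent overwrite
  Entry e;
  e.data.assign(data, data + data_size);
  e.type = data_type;
  g_backend[id] = e;
  return 0;
}
static mysql_service_status_t mock_remove(const char *data_id, const char *auth_id) {
  if (!data_id || !*data_id) return 1;
  g_backend.erase(make_id(data_id, auth_id));  // absent key still counts as success
  return 0;
}
static const mock_keyring_writer g_writer = {mock_store, mock_remove};
// Caller-side wrappers in the style of the page's sample: true means failure.
bool write_key(const char *id, const char *owner, const unsigned char *buf, size_t len) {
  return g_writer.store(id, owner, buf, len, "AES") != 0;
}
bool remove_key(const char *id, const char *owner) { return g_writer.remove(id, owner) != 0; }
size_t stored_count() { return g_backend.size(); }
int main() {
  const unsigned char k[16] = {0};  // constructed sample key material
  return write_key("demo_key", "app@localhost", k, sizeof k) ? 1 : 0;
}
```

Because the status is inverted relative to the usual C++ "true means OK" habit, callers should test the return value explicitly rather than treating a truthy result as success.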

The documentation for this struct was generated from the following file: