MySQL 5.7 Reference Manual


6.5.4.7 Plugin-Specific Keyring Key-Management Functions

For each keyring plugin-specific user-defined function (UDF), this section describes its purpose, calling sequence, and return value. For information about general-purpose keyring UDFs, see Section 6.5.4.6, “General-Purpose Keyring Key-Management Functions”.

  • keyring_aws_rotate_cmk()

    This UDF is associated with the keyring_aws plugin. Its use requires the SUPER privilege.

    keyring_aws_rotate_cmk() rotates the customer master key (CMK). Rotation changes only the key that AWS KMS uses for subsequent data key-encryption operations. AWS KMS maintains previous CMK versions, so keys generated using previous CMKs remain decryptable after rotation.

    Rotation changes the CMK value used inside AWS KMS but does not change the ID used to refer to it, so there is no need to change the keyring_aws_cmk_id system variable after calling keyring_aws_rotate_cmk().

    Syntax:

    INTEGER keyring_aws_rotate_cmk()

    Arguments:

    None.

    Return values:

    Returns 1 for success, or NULL and an error for failure.

  • keyring_aws_rotate_keys()

    This UDF is associated with the keyring_aws plugin. Its use requires the SUPER privilege.

    keyring_aws_rotate_keys() rotates keys stored in the keyring_aws storage file named by the keyring_aws_data_file system variable. Rotation sends each key stored in the file to AWS KMS for re-encryption using the value of the keyring_aws_cmk_id system variable as the CMK value, and stores the new encrypted keys in the file.

    keyring_aws_rotate_keys() is useful for key re-encryption under these circumstances:

    • After rotating the CMK; that is, after invoking the keyring_aws_rotate_cmk() UDF

    • After changing the keyring_aws_cmk_id system variable to a different key value

    Syntax:

    INTEGER keyring_aws_rotate_keys()

    Arguments:

    None.

    Return values:

    Returns 1 for success, or NULL and an error for failure.
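
The two circumstances listed for keyring_aws_rotate_keys(), written out as an operator session. This is an added example, not part of the MySQL manual. The CMK ID is a constructed placeholder, and the pre-checks, the file backup step, and changing keyring_aws_cmk_id at runtime with SET GLOBAL are assumptions added here.

```sql
-- Pre-check 1: the keyring_aws plugin must be loaded (PLUGIN_STATUS = ACTIVE).
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME = 'keyring_aws';

-- Pre-check 2: both plugin-specific UDFs must be registered.
SELECT name, dl
  FROM mysql.func
 WHERE name IN ('keyring_aws_rotate_cmk', 'keyring_aws_rotate_keys');

-- Pre-check 3: the calling account needs SUPER for either UDF.
SHOW GRANTS FOR CURRENT_USER();

-- Record the CMK ID and locate the storage file that rotation rewrites.
-- Copying that file before rotating is a precaution added in this example.
SELECT @@GLOBAL.keyring_aws_cmk_id INTO @cmk_before;
SELECT @@GLOBAL.keyring_aws_data_file AS storage_file;

-- Case 1: rotate the CMK inside AWS KMS.
-- Per the manual: returns 1 for success, or NULL and an error for failure.
SELECT keyring_aws_rotate_cmk() AS cmk_rotated;

-- The ID that refers to the CMK does not change, so this comparison holds.
SELECT @@GLOBAL.keyring_aws_cmk_id = @cmk_before AS cmk_id_unchanged;

-- Keys already in the file stay decryptable, but are still encrypted under
-- the previous CMK version. Re-encrypt them under the rotated CMK.
SELECT keyring_aws_rotate_keys() AS keys_rotated;

-- Case 2: point the plugin at a different CMK, then re-encrypt stored keys.
-- '<new-cmk-id>' is a placeholder, not a real key ID.
SET GLOBAL keyring_aws_cmk_id = '<new-cmk-id>';
SELECT keyring_aws_rotate_keys() AS keys_rotated;
```

Run case 1 and case 2 as separate maintenance actions, and treat a NULL result from either UDF as a failed rotation to investigate before proceeding.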

