- 220.127.116.11 Keyring Plugin Installation
- 18.104.22.168 Using the keyring_file File-Based Plugin
- 22.214.171.124 Using the keyring_okv KMIP Plugin
- 126.96.36.199 Using the keyring_aws Amazon Web Services Keyring Plugin
- 188.8.131.52 Supported Keyring Key Types
- 184.108.40.206 General-Purpose Keyring Key-Management Functions
- 220.127.116.11 Plugin-Specific Keyring Key-Management Functions
- 18.104.22.168 Keyring System Variables
MySQL Server supports a keyring service that enables internal server components and plugins to securely store sensitive information for later retrieval. The implementation is plugin-based:
MySQL 5.7.11 and higher includes a keyring plugin,
keyring_file, that stores keyring data in a file local to the server host. This plugin is available in all MySQL distributions, Community Edition and Enterprise Edition included.Warning
keyring_fileplugin for encryption key management is not intended as a regulatory compliance solution. Security standards such as PCI, FIPS, and others require use of key management systems to secure, manage, and protect encryption keys in key vaults or hardware security modules (HSMs).
MySQL 5.7.12 and higher includes
keyring_okv, a KMIP 1.1 plugin for use with KMIP-compatible back end keyring storage products such as Oracle Key Vault and Gemalto SafeNet KeySecure Appliance. This plugin is available in MySQL Enterprise Edition distributions.
MySQL 5.7.19 and higher includes
keyring_aws, a plugin that communicates with the Amazon Web Services Key Management Service for key generation and uses a local file for key storage. This plugin is available in MySQL Enterprise Edition distributions.
MySQL 5.7.13 and higher includes an SQL interface for keyring key management, implemented as a set of user-defined functions (UDFs).
InnoDB storage engine uses the keyring to
store its key for tablespace encryption.
can use any supported keyring plugin.
For general keyring installation instructions, see Section 22.214.171.124, “Keyring Plugin Installation”. For information specific to a given keyring plugin, see the section describing that plugin.
For information about using the keyring UDFs, see Section 126.96.36.199, “General-Purpose Keyring Key-Management Functions”.
Keyring plugins and UDFs access a keyring service that provides the interface for server components to the keyring. For information about accessing the keyring plugin service and writing keyring plugins, see Section 28.3.2, “The Keyring Service”, and Section 188.8.131.52, “Writing Keyring Plugins”.