Documentation Home
MySQL 5.7 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 37.2Mb
PDF (A4) - 37.2Mb
PDF (RPM) - 36.9Mb
EPUB - 10.5Mb
HTML Download (TGZ) - 10.3Mb
HTML Download (Zip) - 10.3Mb
HTML Download (RPM) - 8.9Mb
Eclipse Doc Plugin (TGZ) - 11.1Mb
Eclipse Doc Plugin (Zip) - 13.3Mb
Man Pages (TGZ) - 203.8Kb
Man Pages (Zip) - 309.1Kb
Info (Gzip) - 3.4Mb
Info (Zip) - 3.4Mb
Excerpts from this Manual

MySQL 5.7 Reference Manual  /  ...  /  The MySQL Keyring

7.5.4 The MySQL Keyring

MySQL Server supports a keyring service that enables internal server components and plugins to securely store sensitive information for later retrieval. The implementation is plugin-based:

  • MySQL 5.7.11 and higher includes the initial keyring plugin, keyring_file, which stores keyring data in a file local to the server host. This plugin is available in all MySQL distributions, Community Edition and Enterprise Edition included.

    Warning

    The keyring_file plugin for encryption key management is not intended as a regulatory compliance solution. Security standards such as PCI, FIPS, and others require use of key management systems to secure, manage, and protect encryption keys in key vaults or hardware security modules (HSMs).

  • MySQL 5.7.12 and higher includes keyring_okv, a plugin that uses Oracle Key Vault for keyring backend storage. This plugin is available in MySQL Enterprise Edition distributions.

  • MySQL 5.7.13 and higher includes an SQL interface for keyring key management, implemented as a set of user-defined functions (UDFs).

The InnoDB storage engine uses the keyring to store its key for tablespace encryption. InnoDB can use any supported keyring plugin.

For keyring installation instructions, see Section 7.5.4.1, “Keyring Plugin Installation”.

For information about using the keyring UDFs, see Section 7.5.4.5, “General-Purpose Keyring Key-Management Functions”.

Keyring plugins and UDFs access a keyring service that provides the interface for server components to the keyring. For information about writing keyring plugins or accessing the keyring plugin service, see Section 27.2.4.12, “Writing Keyring Plugins”, and Section 27.3.2, “The Keyring Service”.


User Comments
Sign Up Login You must be logged in to post a comment.