maria-discuss team mailing list archive

[obsa@xxxxx]

Sergei,

Still looking for some alternative to AWS.

I did find 'Vault', a well-established & active project

   https://www.vaultproject.io/intro/index.html

which appears to be an on-premises alternative to AWS & HSMs

with open sources here

  https://github.com/hashicorp/vault

and a "MariaDB Secrets Engine"

  https://www.vaultproject.io/docs/secrets/databases/mysql-maria.html

"The database secrets engine generates database credentials dynamically based on configured roles. It works with a number of different databases through a plugin interface. There are a number of builtin database types and an exposed framework for running custom database types for extendability. This means that services that need to access a database no longer need to hardcode credentials: they can request them from Vault, and use Vault's leasing mechanism to more easily roll keys."

Has there been any work on a Vault-based MariaDB plugin with key management/rotation capabilities similar to that provided by the AWS offsite solution?