maria-discuss team mailing list archive
Mailing list archive
On-premise Encryption key-rotation solution for MDB? Works with Hashicorp Vault?
I'm working on Encryption at Rest in MDB 10.4, looking for an on-premise key rotation solution.
Back in 2016, there was a discussion on ML,
Another possibility would be to add key rotation support to the
It is easier than it sounds - this plugin is quite simple.
Chief Architect MariaDB
Vault as MariaDB encryption plugin -- alternative to AWS?
AFAICT, there's still no key rotation support of any kind in MariaDB's file_management plugin.
OTOH, it seems that Percona has a plugin
that works with Hashicorp Vault's KV (old) v1 engine,
KV Secrets Engine - Version 1
There's also a v2,
KV Secrets Engine - Version 2
and, encryption with rotation can be deployed as a service
Encryption as a Service: Transit Secrets Engine
but I haven't found examples of either of the latter two options working with Percona.
Is there a modern/current key-rotation solution for MDB other than AWS?
Similar in capability to Percona's, and preferably, self-hosted/on-premise?