maria-discuss team mailing list archive

Thread
Date

Re: AWS Key management plugin key rotation in replication

To: Reinis Rozitis <r@xxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Mon, 30 Aug 2021 08:58:40 +0200
Cc: maria-discuss@xxxxxxxxxxxxxxxxxxx
In-reply-to: <000001d79ccf$32a27570$97e76050$@roze.lv>

Hi, Reinis!

Slaves use their own encryption, they can use completely different set
of keys with different rotation period. They don't have to be
synchronized with the master.

On Aug 29, Reinis Rozitis wrote:
> Hello, 
> I wanted to clarify - does the key rotation (with AWS KMS backend) work in
> replication scenario? 
> As in do the slaves (somehow) get also notified and perform the
> re-encryption if the key is rotated (on master) in background or you have to
> use different key for each slave for rotation to work? 
> 
> In https://mariadb.com/kb/en/encryption-key-management/#key-rotation it
> wasn't mentioned.
> 
Regards,
Sergei
VP of MariaDB Server Engineering
and security@xxxxxxxxxxx

Follow ups

Re: AWS Key management plugin key rotation in replication
From: Reinis Rozitis, 2021-08-30

References

AWS Key management plugin key rotation in replication
From: Reinis Rozitis, 2021-08-29