How to store the key for an encrypted mysql database (MariaDB)?

0 like 0 dislike
8 views
Want to encrypt sensitive data in certain database tables (in my case MariaDB). But there are questions:
1. How to store encryption keys, for example, in the files?
Ie it is clear that you can throw on the disc, but in the event of a compromise of access together with the base leaked key.
I think that is probably more correct before running database to connect to some remote network resource (folder), which is the key, start the database and after startup to unmount this share. Right thoughts?

2. Like in the manual they write that you can use the AWS KMS, but it is also not clear as is the case with the access key intruders have access to the server. Or AWS KMS is some kind of protection on the number of requests for the key and/or a time limit? Sorry never worked with KMS.

3. How are things with replication of encrypted data? For the slave uses the same key as the master?

PS. It is about the standard encryption by the database itself, not using encryption in sql queries.
by | 8 views

2 Answers

0 like 0 dislike
Ie it is clear that you can throw on the disc, but in the event of a compromise of access together with the base leaked key.

In almost any case of serious compromise will be made available ways to get for example in the source code of the website/somewhere else and get the key, so all the encryption did not really provide in terms of security to me.
Whether it is hashing, but in the case of data which must be read is not suitable :)
by
0 like 0 dislike
I agree with Alexander Arsentiev
The protection is only in the absence of the ability to do it from the server


better to plug the approaches to the server from prying
by

Related questions

0 like 0 dislike
1 answer
asked May 20, 2019 by nikel_haker
0 like 0 dislike
5 answers
0 like 0 dislike
6 answers
0 like 0 dislike
2 answers
0 like 0 dislike
1 answer
110,608 questions
257,186 answers
0 comments
33,932 users