How to store the key for encrypted mysql database (MariaDB)?

H

hostadmin2018-05-03 13:56:38

MySQL

hostadmin, 2018-05-03 13:56:38

I want to encrypt sensitive data in some DB tables (MariaDB in my case). But there were questions:
1. How to store encryption keys, for example, in files?
Those. it is clear that you can throw it on the disk, but if access is compromised, the key leaks along with the database.
I think that it is probably more correct before starting the database to connect to the system some remote network resource (folder) on which the key lies, start the database and disconnect this resource after launch. Am I thinking right?
2. It seems that the manual says that you can use AWS KMS, but here it is also not clear what is the situation with access to the key of attackers who have gained access to the server. Or does AWS KMS have some kind of protection for the number of key requests and/or a time limit? Unfortunately never worked with KMS.
3. How are things going with encrypted data replication? Does the slave use the same key as the master?
PS. It's about standard encryption by means of the database itself, and not the use of encryption for sql queries.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Alexander Aksentiev, 2018-05-03
@Sanasol

Those. it is clear that you can throw it on the disk, but if access is compromised, the key leaks along with the database.

In almost any case of serious compromise, there will be ways to get into the source code of the site / somewhere else and get the key, so all encryptions do not really give anything in terms of security, as for me.
Whether it's hashing, but in the case of data that needs to be read, this is not suitable :)

A

Alexander Chernykh, 2018-05-03
@sashkets

agree with Alexander Aksentiev
it is better to shut up the approaches to the server from the curious