How to store the key for encrypted mysql database (MariaDB)?

I want to encrypt sensitive data in some DB tables (MariaDB in my case). But there were questions:
1. How to store encryption keys, for example, in files?
Those. it is clear that you can throw it on the disk, but if access is compromised, the key leaks along with the database.
I think that it is probably more correct before starting the database to connect to the system some remote network resource (folder) on which the key lies, start the database and disconnect this resource after launch. Am I thinking right?
2. It seems that the manual says that you can use AWS KMS, but here it is also not clear what is the situation with access to the key of attackers who have gained access to the server. Or does AWS KMS have some kind of protection for the number of key requests and/or a time limit? Unfortunately never worked with KMS.
3. How are things going with encrypted data replication? Does the slave use the same key as the master?
PS. It's about standard encryption by means of the database itself, and not the use of encryption for sql queries.