MySQL/MariaDB Encryption with Onboardbase Store
Data-at-Rest Encryption is provided by MariaDB or MySQL; in this guide, we will explain how to store your encryption key on the Onboardbase Store and use it through our plugin to easily secure your data and encryption key.
Navigate to Store
Once you created a Vault, You can add as much as you can of key-value data.
we are going to create a Key
Create a key with 32-bit of hex, which is recommended by the plugin adapter.
openssl rand -hex 32
Add the key to the default vault.
Make sure you add it to the default locker
Put this value you got for example 397466932b031a8ace6138a919652a8c77710daca32b0009704a24e3c31b19ff
to the associated key.
Prepare your variables
You need to have the API URL for the Store
<https://public.onboardbase.com/api/v1/store/get/><KEY>
and Store Token
store_QNPC2ASQSQSYTJF
You can find it here on the dashboard
Install the plugin
Since it's still in early release.
You have to install the plugin manually into the server that has the database.
wget https://files.onboardbase.com/onboardbase_key_management.so
# or
curl -O https://files.onboardbase.com/onboardbase_key_management.so
Move this into the plugin directory.
You might need to execute this query on your database to know where is your plugin directory is located.
SHOW VARIABLES LIKE 'plugin_dir';
After moving it there
Go to your my.cnf
...
[mariadb]
plugin_load_add = onboardbase_key_management
onboardbase-key-management-token="<Store-Token>"
onboardbase-key-management-vault-url="<API-URL>"
these variables mentioned above.
Ensure that InnoDB Engine is working
restart mariaDB systemctl restart mariadb
You have to specify the version of the key
CREATE TABLE t2 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=1;
Updated 25 days ago