nice, check what i'm thinking about...

1) i start mariadb without keys, then i start my app. here i must check that all tables are 'unlocked' and ready to use. will we have a method for this? at mysql_connect i will check if keys are loaded, maybe a SHOW STATUS like 'encryption_keys_loaded' = 1 or 0

2) about external access to include encryption/key: maybe a sql statement? INSERT INTO mysql.encrypt_keys (key,value) value (1,"abcdefg.....") just an idea about external key uploading, or an external server (no problem)

2014-06-20 9:51 GMT-03:00 Elmar Eperiesi-Beck <elmar@eperiesi-beck.de>:
At startup the keys will be read once and kept in memory. Normally you are not going to encrypt 1000 tables, because you just encrypt the content that is confidential. But yes, each key has to be in memory. Or you use an external encryption/key server that handles the encryption and the key management outside the DB.
We enhanced the concept so that it is possible to deliver the key manually at server startup. You can have it e.g. on a pendrive and start the server with the keys as a backup.
On 17.06.2014 at 18:55, Roberto Spadim <roberto@spadim.com.br> wrote:
humm, now i'm thinking as a data warehouse. think about installing a server (server 1) somewhere (maybe the Sahara desert).... i connect "server 1" to the internet, and configure the server uri to point to my central server (server central), maybe on the moon
when mysqld/mariadbd starts, will it contact the central server and get all keys, or only get keys when i need them? for example, a server with 1000 tables and 1000 different keys: are they all stored in memory at boot time, or only when i need read/write access to that table?
if i remove the internet link, the "server 1" will not read tables, right? in this case, if i have the keyfile in a pendrive, or a cd or dvd, could i redirect it to a key file and start database, as a backup solution?
-- Roberto Spadim SPAEmpresarial Eng. Automação e Controle