Hi Obsa, Thank you for sharing this link, sounds interesting. In case you succeed with this Vault implementation, kindly share us your experience (may be a blog post on this). I am also looking for implementing something similar without AWS KMS option. Thank you. On Tue, Feb 27, 2018 at 5:59 AM, <obsa@mm.st> wrote:
Sergei,
Still looking for some alternative to AWS.
I did find 'Vault', a well-established & active project
https://www.vaultproject.io/intro/index.html
which appears to be an on-premises alternative to AWS & HSMs
with open sources here
https://github.com/hashicorp/vault
and a "MariaDB Secrets Engine"
https://www.vaultproject.io/docs/secrets/databases/mysql-maria.html
"The database secrets engine generates database credentials dynamically based on configured roles. It works with a number of different databases through a plugin interface. There are a number of builtin database types and an exposed framework for running custom database types for extendability. This means that services that need to access a database no longer need to hardcode credentials: they can request them from Vault, and use Vault's leasing mechanism to more easily roll keys."
Has there been any work on a Vault-based MariaDB plugin with key management/rotation capabilities similar to that provided by the AWS offsite solution?
_______________________________________________ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp