[Maria-discuss] On-premise Encryption key-rotation solution for MDB? Works with Hashicorp Vault?
I'm working on Encryption at Rest in MDB 10.4, looking for an on-premise key rotation solution.

Back in 2016, there was a discussion on ML,

  https://lists.launchpad.net/maria-discuss/msg05031.html

    Another possibility would be to add key rotation support to the file_key_management plugin. It is easier than it sounds - this plugin is quite simple.

    Regards,
    Sergei
    Chief Architect MariaDB

which referenced

  Vault as MariaDB encryption plugin -- alternative to AWS?
  https://github.com/hashicorp/vault/issues/4041

AFAICT, there's still no key rotation support of any kind in MariaDB's file_management plugin.

OTOH, it seems that Percona has a plugin

  https://www.percona.com/doc/percona-server/5.7/management/data_at_rest_encry...

that works with Hashicorp Vault's KV (old) v1 engine,

  KV Secrets Engine - Version 1
  https://www.vaultproject.io/docs/secrets/kv/kv-v1.html

There's also a v2,

  KV Secrets Engine - Version 2
  https://www.vaultproject.io/docs/secrets/kv/kv-v2.html

and, encryption with rotation can be deployed as a service

  Encryption as a Service: Transit Secrets Engine
  https://learn.hashicorp.com/vault/encryption-as-a-service/eaas-transit

but I haven't found examples of either of the latter two options working with Percona.

Is there a modern/current key-rotation solution for MDB other than AWS? Similar in capability to Percona's, and preferably, self-hosted/on-premise?
participants (1)
-
PGNet Dev