X

MySQL and MySQL Community information

MySQL announces integration with Oracle Cloud Infrastructure Vault

Mike Frank
Product Management Director

Securing a database includes securing sensitive items such as keys, passphrases, and more. Its important to protect from misuse by using cryptography and access controls to limit usage by only the components that use them or admins that require them.  MySQL Enterprise Keyring security component provides integrated Key Management with secure vaults. 

Starting with MySQL Enterprise Edition 8.0.22, you can manage your MySQL encryption keys for TDE and more using the Oracle Cloud Infrastructure Vault. OCI Vault lets you securely store, manage, and audit arbitrary keys and other types of configuration secrets using the Oracle Cloud Infrastructure's Vault service. 

OCI Vault and MySQL Keyring

Oracle Infrastructure Vault - Console - Shown Storing MySQL Secrets

This integration with the OCI Vault leverages the MySQL keyring with the addition of the "keyring_oci" plugin. This keyring plugin communicates with Oracle Cloud Infrastructure Vault for back end storage. No key information resides in MySQL server local file system storage. 

Benefits of using OCI Vault for your MySQL Key Management:

  • Fully Managed Service - but you control access to your keys and secrets
  • Centralized - common repository to manage keys and secrets and define policies.
  • Auditing - Know exactly details of secrets usage: where, by whom, and when. 
  • Compliance - Vault drives controls required for regulatory compliance. 
  • HA - Keys replicated within a region to ensure the durability and availability of the keys. 
  • Secure - FIPS compliant
  • No Cost if you have an Oracle Cloud Tenancy.

For technical details 

MySQL Keyring for OCI Vault

MySQL Enterprise Security Overview

MySQL 8.0 Secure Deployment Guide

 

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.