Securing a database includes securing sensitive items such as keys, passphrases, and more. Its important to protect from misuse by using cryptography and access controls to limit usage by only the components that use them or admins that require them. MySQL Enterprise Keyring security component provides integrated Key Management with secure vaults.
Starting with MySQL Enterprise Edition 8.0.22, you can manage your MySQL encryption keys for TDE and more using the Oracle Cloud Infrastructure Vault. OCI Vault lets you securely store, manage, and audit arbitrary keys and other types of configuration secrets using the Oracle Cloud Infrastructure’s Vault service.
Oracle Infrastructure Vault – Console – Shown Storing MySQL Secrets
This integration with the OCI Vault leverages the MySQL keyring with the addition of the “keyring_oci” plugin. This keyring plugin communicates with Oracle Cloud Infrastructure Vault for back end storage. No key information resides in MySQL server local file system storage.
Benefits of using OCI Vault for your MySQL Key Management:
- Fully Managed Service – but you control access to your keys and secrets
- Centralized – common repository to manage keys and secrets and define policies.
- Auditing – Know exactly details of secrets usage: where, by whom, and when.
- Compliance – Vault drives controls required for regulatory compliance.
- HA – Keys replicated within a region to ensure the durability and availability of the keys.
- Secure – FIPS compliant.
- No Cost if you have an Oracle Cloud Tenancy.
For technical details
MySQL Enterprise Security Overview