MySQL Encryption: Master Key Rotation

Ahead of the start of a new cohort of the "Databases" course, we continue our series of articles on encryption in MySQL.


In the previous article in this series we discussed how master key encryption works. Today, building on that, we look at how the master key is rotated.

Master key rotation consists of generating a new master key and re-encrypting the tablespace keys (which are stored in the tablespace headers) with this new key.

Let's recall what the header of an encrypted tablespace looks like:

We know from the previous article that at startup the server reads the headers of all encrypted tablespaces and remembers the largest KEY ID it finds. For example, if we have three tables with KEY ID = 3 and one table with KEY ID = 4, the largest key ID is 4. Let's call this value MAX KEY ID.

1. The user issues ALTER INSTANCE ROTATE INNODB MASTER KEY.

2. The server asks the keyring to generate a new master key for the server's UUID and KEY ID = MAX KEY ID + 1, that is, a key named INNODBKey-UUID-(MAXKEYID + 1). MAX KEY ID is then incremented (i.e. MAXKEYID = MAXKEYID + 1).

3. The server then goes through all encrypted tablespaces and, for each of them:

  • re-encrypts the tablespace key with the new master key;

  • sets the KEY ID in the tablespace header to MAXKEYID;

  • if the UUID in the tablespace header differs from the server's UUID, replaces it with the server's UUID.
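To make steps 2 and 3 concrete, here is a simulation of the rotation in Go. It is an added example, not code from this article or from MySQL: the keyring, the key names and the header fields are a simplified model (the server UUIDs and tablespace keys used with it are constructed values), while the way the tablespace key is wrapped, AES-256-ECB under the master key plus a CRC32 of the plaintext key and IV, follows what InnoDB stores in the header. The checksum matters because ECB gives no integrity: decrypting with the wrong master key produces garbage without any error, and the CRC32 is the only thing that reveals it. The rotation also refuses to proceed if a header names a master key the keyring no longer has, rather than silently skipping that tablespace.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"fmt"
	"hash/crc32"
)

// Keyring stands in for the keyring plugin (a constructed model, not the real API);
// master keys live under the name INNODBKey-<server UUID>-<KEY ID>.
type Keyring map[string][]byte

func MasterKeyName(uuid string, keyID uint32) string { return fmt.Sprintf("INNODBKey-%s-%d", uuid, keyID) }

// Generate creates a fresh 32-byte (AES-256) master key and refuses to overwrite one.
func (k Keyring) Generate(name string) ([]byte, error) {
	if _, exists := k[name]; exists {
		return nil, fmt.Errorf("keyring: %s already exists", name)
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	k[name] = key
	return key, nil
}

// Header models the encryption info in a tablespace header (field layout simplified).
type Header struct {
	UUID       string // server UUID of the master key that wrapped the tablespace key
	KeyID      uint32 // KEY ID of that master key
	WrappedKey []byte // tablespace key || IV (64 bytes), AES-256-ECB under the master key
	Checksum   uint32 // CRC32 of the plaintext key || IV; the only signal of a wrong master key
}

// ecb applies AES to each 16-byte block on its own, which is how InnoDB wraps the key.
func ecb(masterKey, in []byte, decrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		return nil, err
	}
	if len(in)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("ecb: %d bytes is not a multiple of the block size", len(in))
	}
	op, out := block.Encrypt, make([]byte, len(in))
	if decrypt {
		op = block.Decrypt
	}
	for i := 0; i < len(in); i += aes.BlockSize {
		op(out[i:], in[i:])
	}
	return out, nil
}

// Wrap encrypts key||IV under the master key and returns the checksum stored beside it.
func Wrap(masterKey, keyIV []byte) ([]byte, uint32, error) {
	wrapped, err := ecb(masterKey, keyIV, false)
	return wrapped, crc32.ChecksumIEEE(keyIV), err
}

// Unwrap decrypts and verifies; ECB has no integrity, so a wrong key just yields garbage.
func Unwrap(masterKey, wrapped []byte, sum uint32) ([]byte, error) {
	keyIV, err := ecb(masterKey, wrapped, true)
	if err == nil && crc32.ChecksumIEEE(keyIV) != sum {
		keyIV, err = nil, fmt.Errorf("checksum mismatch: wrong master key or damaged header")
	}
	return keyIV, err
}

// RotateMasterKey is steps 2 and 3: a new master key under MAX KEY ID + 1, then each
// tablespace key re-wrapped and its header repointed (KEY ID and UUID) at the new key.
func RotateMasterKey(kr Keyring, serverUUID string, headers []*Header) (uint32, error) {
	var newID uint32 // MAX KEY ID + 1, MAX KEY ID being the largest KEY ID in any header
	for _, h := range headers {
		if h.KeyID >= newID {
			newID = h.KeyID + 1
		}
	}
	newKey, err := kr.Generate(MasterKeyName(serverUUID, newID))
	if err != nil {
		return 0, err
	}
	for _, h := range headers {
		oldKey, ok := kr[MasterKeyName(h.UUID, h.KeyID)]
		if !ok { // every master key a header still names must be in the keyring
			return 0, fmt.Errorf("cannot rotate: %s missing from keyring", MasterKeyName(h.UUID, h.KeyID))
		}
		keyIV, err := Unwrap(oldKey, h.WrappedKey, h.Checksum)
		if err != nil {
			return 0, err
		}
		if h.WrappedKey, h.Checksum, err = Wrap(newKey, keyIV); err != nil {
			return 0, err
		}
		h.KeyID, h.UUID = newID, serverUUID
	}
	return newID, nil
}
```

To exercise it, generate the master keys the headers refer to (for the scenario above: KEY ID 3 and 4 under the server's UUID, plus one under a foreign UUID for an imported tablespace), build each header with Wrap, call RotateMasterKey and then Unwrap every header with the key named INNODBKey-<server UUID>-5: the tablespace keys come back unchanged, every header now carries KEY ID 5 and the server's UUID, and the old master keys are still in the keyring, though they no longer open the rotated headers.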

Note that the master key ID (Master Key ID) used to look up a master key in the keyring is made up of the UUID and the KEY ID read from the tablespace header. So after rotation every encrypted tablespace, including one imported from another server that still carried that server's UUID, points at the same master key: the current server's UUID combined with the new MAX KEY ID. The old master keys are not removed from the keyring (whether that is a keyring file or, for example, a Vault server) by the rotation.

Keep in mind what rotation does not do: it changes only the master key. The tablespace keys themselves stay the same, so the encrypted data on disk is not re-encrypted. Rotating the tablespace keys is what Percona Server for MySQL adds with its encryption threads, which are covered in a later article in this series.

