How Transparent Data Encryption is Built in MySQL and Percona Server ?
In this presentation, we'll take a deep dive into the world of transparent data encryption for open source databases. We'll be looking at how transparent data encryption is implemented in MySQL and Percona Server for MySQL: - keyrings – what are they used for ? What is the difference between using a server back-end (keyringvault) versus file back-end (keyringfile). How it affects server startup and why? Why per server separation is needed in Vault Server? - How Master Key encryption works ? How it is build on page level ? How do we know which key we should fetch to decrypt a table ? How do we know that used key is the correct one ? How do we make sure that we can decrypt a table when we need it ? - How Master Key rotation works ? Why is it needed ? By the end of the talk, you'll have a better understanding of the transparent data encryption and will be aware of things to take into account when interacting with encrypted databases in your applications.