MySQL Forums

Issue loading keyring_okv without doing so at run time
Date: June 01, 2018 03:13PM

I am currently using the keyring_okv plugin and I have it working, but not the way it's supposed to work. At least not according to any of the information I have gathered.

During setup I had an issue where I could not get the keyring_okv plugin to work. I spent many hours playing with it, assuming it was maybe a connection issue with Oracle KeyVault, or something in that realm, even though the KeyVault-generated plugin file was connecting from the MySQL server to the KeyVault appliance with no problems at all. On the MySQL server I created the necessary files according to all the guides, but for the life of me I could not get MySQL to connect to KeyVault by itself.

Finally, after everything, I just figured I would try setting the keyring_okv_config_dir through mysql ("set global keyring_okv_conf_dir="/var/lib/mysql-keyring";") and boom, everything works. Now I can create encrypted tables and do things normally.

My issue is obviously that the tables are not accessible until I manually set the system variable after mysql starts. I have the my.cnf configured to set the variable but it doesn't work. I have even tried to set the variable via the command line (mysqld --keyring_okv_config_dir=.....) but it still will not initialize the plugin until I manually set the variable during run time. Also, I am initializing the plugin with --early_plugin_load in the mysql command. I had also put the plugin in the my.cnf at one time, but either place didn't make any difference.

Currently my workaround on Ubuntu has been to modify the service file to manually set the variable right after it starts the mysql service, but this doesn't feel like the best solution. I was hoping someone from the MySQL team could give me some input on what I may be missing or doing wrong.

I have tried this on multiple different Ubuntu versions with MySQL Enterprise (running MySQL commercial 5.7.21 and .16) and had the same issue no matter what environment I was in.
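A startup-configuration check for the setup described above, as an added example that is not part of the original post or MySQL's own code. It assumes `keyring_okv_conf_dir` (the spelling in the post's working `SET GLOBAL`) is the variable name; the sample my.cnf and the function names are constructed for illustration.

```python
import re

KNOWN = "keyring_okv_conf_dir"   # spelling used by the post's working SET GLOBAL

# Constructed sample my.cnf, not taken from the post.
SAMPLE_CNF = """\
!includedir /etc/mysql/conf.d/
[client]
keyring_okv_conf_dir=/var/lib/mysql-keyring

[mysqld]
early-plugin-load=keyring_okv.so
keyring_okv_config_dir="/var/lib/mysql-keyring"
"""

def is_server_group(section):
    # Option groups mysqld reads: [mysqld], [server], [mysqld-<version>].
    return section in ("mysqld", "server") or section.startswith("mysqld-")

def parse_cnf(text):
    """Return [(section, option, value)]; '-' and '_' in names are equivalent."""
    rows, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # comments; !include is not followed
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section is not None:
            name, _, value = line.partition("=")
            name = name.strip().lower().replace("-", "_")
            rows.append((section, name, value.strip().strip("\"'")))
    return rows

def check_keyring_okv(text):
    """Return a list of findings; an empty list means the checks passed."""
    rows, findings = parse_cnf(text), []
    server = {n: v for s, n, v in rows if is_server_group(s)}
    if "keyring_okv" not in server.get("early_plugin_load", ""):
        findings.append("early-plugin-load does not name keyring_okv in a server group")
    if not server.get(KNOWN):
        findings.append(f"{KNOWN} is not set in a server group")
    for section, name, _ in rows:
        if name == KNOWN and not is_server_group(section):
            findings.append(f"[{section}] {name}: group is not read by mysqld")
        elif name.startswith("keyring_okv") and name != KNOWN:
            findings.append(f"[{section}] {name}: not the variable name {KNOWN}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_keyring_okv(SAMPLE_CNF)))
```

The check reads one file only; files pulled in through `!include` or `!includedir` have to be passed to it separately.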
