MySQL 9.1 Reference Manual

8.4.4.14 Plugin-Specific Keyring Key-Management Functions

For each keyring plugin-specific function, this section describes its purpose, calling sequence, and return value. For information about general-purpose keyring functions, see Section 8.4.4.13, “General-Purpose Keyring Key-Management Functions”.

  • keyring_aws_rotate_cmk()

    Associated keyring plugin: keyring_aws

    Note

    keyring_aws_rotate_cmk() is not provided by the AWS keyring component. For this reason, the function should be considered deprecated and thus subject to removal in a future version of MySQL.

    keyring_aws_rotate_cmk() rotates the AWS KMS key. Rotation changes only the key that AWS KMS uses for subsequent data key-encryption operations. AWS KMS maintains previous CMK versions, so keys generated using previous CMKs remain decryptable after rotation.

    Rotation changes the CMK value used inside AWS KMS but does not change the ID used to refer to it, so there is no need to change the keyring_aws_cmk_id system variable after calling keyring_aws_rotate_cmk().

    This function requires the SUPER privilege.

    Arguments:

    None.

    Return value:

    Returns 1 for success, or NULL and an error for failure.

  • keyring_aws_rotate_keys()

    Associated keyring plugin: keyring_aws

    keyring_aws_rotate_keys() rotates keys stored in the keyring_aws storage file named by the keyring_aws_data_file system variable. Rotation sends each key stored in the file to AWS KMS for re-encryption using the value of the keyring_aws_cmk_id system variable as the CMK value, and stores the new encrypted keys in the file.

    keyring_aws_rotate_keys() is useful for key re-encryption under these circumstances:

    This function requires the SUPER privilege.

    Arguments:

    None.

    Return value:

    Returns 1 for success, or NULL and an error for failure.

  • keyring_hashicorp_update_config()

    Associated keyring plugin: keyring_hashicorp

    When invoked, the keyring_hashicorp_update_config() function causes keyring_hashicorp to perform a runtime reconfiguration, as described in keyring_hashicorp Configuration.

    This function requires the SYSTEM_VARIABLES_ADMIN privilege because it modifies global system variables.

    Arguments:

    None.

    Return value:

    Returns the string 'Configuration update was successful.' for success, or 'Configuration update failed.' for failure.
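
The following is an added example, not part of the MySQL manual: a rotation session for the two keyring_aws functions described above, with checks before and after each call. It assumes the keyring_aws plugin is already installed with its functions registered, and the session user variables (@cmk_id_before, @cmk_rotated, @keys_rotated) are names chosen for this example.

```sql
-- Added example; assumes keyring_aws is installed and its functions registered.

-- 1. Confirm the plugin is active before rotating anything.
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME = 'keyring_aws';

-- 2. Confirm both rotation functions are registered on this server.
SELECT UDF_NAME, UDF_LIBRARY
  FROM performance_schema.user_defined_functions
 WHERE UDF_NAME IN ('keyring_aws_rotate_cmk', 'keyring_aws_rotate_keys');

-- 3. Both functions require SUPER; verify the current account holds it.
SHOW GRANTS FOR CURRENT_USER();

-- 4. Record the CMK ID and the storage file that will be rewritten.
SELECT @@GLOBAL.keyring_aws_cmk_id INTO @cmk_id_before;
SELECT @@GLOBAL.keyring_aws_data_file AS storage_file_to_back_up;

-- 5. Rotate the CMK inside AWS KMS. On failure the statement raises an
--    error and @cmk_rotated keeps its previous value (NULL if never set).
SET @cmk_rotated = NULL;
SELECT keyring_aws_rotate_cmk() INTO @cmk_rotated;

-- 6. The ID that refers to the CMK must be unchanged after rotation.
SELECT @@GLOBAL.keyring_aws_cmk_id <=> @cmk_id_before AS cmk_id_unchanged;

-- 7. Re-encrypt every key in the storage file under the current CMK.
SET @keys_rotated = NULL;
SELECT keyring_aws_rotate_keys() INTO @keys_rotated;

-- 8. Summarize. The null-safe comparison treats NULL (failure) as 0.
SELECT @cmk_rotated  <=> 1 AS cmk_rotation_ok,
       @keys_rotated <=> 1 AS key_reencryption_ok;
```

Run the statements one at a time and stop at the first error: keyring_aws_rotate_keys() rewrites the storage file, so keep a copy of the file reported in step 4 until step 8 shows 1 in both columns.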