Hi, Reinis!

On Aug 30, Reinis Rozitis wrote:
> > Slaves use their own encryption, they can use completely different set of
> > keys with different rotation period. They don't have to be synchronized with
> > the master.
>
> That is clear,
> but I wanted to know in case they use the same key does the KMS API / Plugin
> somehow pick up the rotation event and perform the re-encryption on all the
> replicas (I guess could try just to test it)?

the master does not specifically communicate key rotation to slaves.
the way key rotation works in AWS plugin - I don't think the KMS will
communicate it either.

but, as key rotation is triggered by an sql statement, you can try to
replicate it somehow. e.g. instead of SET, you have a table
"key_rotation" and you insert into it. And an AFTER INSERT trigger will
do the SET. The insert can be replicated just fine, this way both a
master and a slave can rotate at about the same time.

> Using multiple keys (per replica) would complicate the setup (a bit).

sure. it's a possibility, not a requirement.

Regards,
Sergei
VP of MariaDB Server Engineering
and [email protected]
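The table-and-trigger approach suggested in the reply above, written out as an added example; it is not part of the original message and is not MariaDB project code. Assumptions: the schema `ops`, the column layout and the trigger name are hypothetical, the rotation variable is the AWS key management plugin's `aws_key_management_rotate_key`, and the plugin is loaded on both master and slave.

```sql
-- Added example. Schema, table layout and trigger name are hypothetical.
CREATE DATABASE IF NOT EXISTS ops;

-- One row per rotation request. The table doubles as an audit trail of
-- when each key was rotated.
CREATE TABLE IF NOT EXISTS ops.key_rotation (
  id           BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  key_id       INT NOT NULL,   -- encryption key ID to rotate; -1 rotates all keys
  requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB;

DELIMITER //

-- The trigger runs with the privileges of its DEFINER (by default the
-- account that creates it). That account needs the privilege to set
-- global variables, so create the trigger as an administrative user.
CREATE TRIGGER ops.key_rotation_ai
AFTER INSERT ON ops.key_rotation
FOR EACH ROW
BEGIN
  -- Assumption: the AWS key management plugin is loaded, otherwise this
  -- variable does not exist and the INSERT fails.
  SET GLOBAL aws_key_management_rotate_key = NEW.key_id;
END//

DELIMITER ;

-- Replication caveat: the trigger only fires on the slave when the INSERT
-- is replayed as a statement. With row-based binary logging the slave
-- applies the row without running triggers unless slave_run_triggers_for_rbr
-- is enabled there. Check both settings before relying on this:
SELECT @@global.binlog_format, @@global.slave_run_triggers_for_rbr;

-- Request a rotation of key 1 on the master. Once this statement
-- replicates, the slave's own trigger performs the same SET.
INSERT INTO ops.key_rotation (key_id) VALUES (1);

-- Review past rotation requests.
SELECT id, key_id, requested_at FROM ops.key_rotation ORDER BY id;
```

Any account with INSERT on this table can trigger a rotation with the definer's privileges, so grant INSERT on it only to the account that is meant to rotate keys.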

