Scribd
Upload
3 views

GUOB - MySQL e LGPD

The document discusses the implications of the LGPD (General Data Protection Law) on MySQL, emphasizing the need for data protection and security measures for IT professionals. It outlines key principles, roles involved, and necessary actions for compliance, including the use of encryption, password management, and audit logging. Additionally, it highlights specific MySQL features and configurations that support adherence to these regulations.

Uploaded by

figayab841
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
3 views

GUOB - MySQL e LGPD

The document discusses the implications of the LGPD (General Data Protection Law) on MySQL, emphasizing the need for data protection and security measures for IT professionals. It outlines key principles, roles involved, and necessary actions for compliance, including the use of encryption, password management, and audit logging. Additionally, it highlights specific MySQL features and configurations that support adherence to these regulations.

Uploaded by

figayab841
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 72

MySQL e LGPD(Lei Geral de Proteção de

Dados)

Vinicius M. Grippa
Senior Support Engineer for MySQL/MongoDB
[email protected]

1 © 2019 Percona
Sobre mim
• Engenheiro de Support na Percona desde 2017.

• Trabalhando com MySQL há 7 anos.

• Trabalhando com banco de dados há 10 anos.

• Speaker na PL 2018/2019, conferências e meetups sobre MySQL/MongoDB.

2 © 2019 Percona 2
Sobre Percona
• Fundada em 2006

• +200 engenheiros ao redor do mundo

• Ferramentas com +1 bilhão de downloads

• Percona Live é um dos grandes eventos sobre banco de dados open-source

3 © 2019 Percona 3
O que é a LGPD?

4 © 2019 Percona
LGPD
• Lei Geral de Proteção de Dados Pessoais, a "GDPR brasileira".

• Criada para proteger a liberdade e a privacidade de consumidores e cidadãos.

• Estabelecer regras claras sobre coleta, armazenamento, tratamento e


compartilhamento de dados pessoais.

• Estabelecer punições para quem descumprir a lei.

5 © 2019 Percona 5
Quem são os atores envolvidos na LGPD
• O titular
Seria o proprietário dos dados, no caso as pessoas físicas.
• O controlador
É representado pelo tomador dos dados, ou seja, as pessoas jurídicas
• O operador
A empresa responsável pela coleta de dados e sua efetiva segurança através de
soluções automatizadas
• O encarregado
É o profissional que responde pela proteção dos dados da empresa.

6 © 2019 Percona 6
O que muda para o profissional de TI?
• Peça-chave no processo de adequação das empresas à LGPD

• Demanda por segurança (VPN, Criptografia, Firewall, REST)

• Demanda por soluções de armazenamento (Backup)

• Demanda por processamento dos dados

7 © 2019 Percona 7
Princípios Básicos
• Acesso minimo
• Isolamento
• Audit
• Proteção contra invasão
• Firewall

8 © 2019 Percona 8
Agenda
• SO/Cloud security
• SSL
• Password management
• Audit plugin
• Percona Server encryption features
• MySQL 8 features (undo, redo encryption)
• TDE
• New caching_sha2_password
• FIPS mode
• Roles
9 © 2019 Percona 9
OS/Cloud Security

10 © 2019 Percona
OS/Cloud Security

• Remover serviços que não são usados


• Não rodar compiladores
• Firewalls
• Acesso restrito a internet
• Desabilitar root remoto
• Uso de chave SSH

11 © 2019 Percona
OS/Cloud Security

• Uso do Amazon Virtual Private Cloud (VPC)


• Uso do AWS Identity and Access Management (IAM)
policies
• Uso de security groups

12 © 2019 Percona
OS/Cloud Security

13 © 2019 Percona
OS/Cloud Security

14 © 2019 Percona
OS/Cloud Security

15 © 2019 Percona
SSL

16 © 2019 Percona 16
SSL
• Transportar a informação de forma segura
• SSL provê esse meio
• Default for MySQL 5.7-8.0 or higher
• MySQL 8.0.16 suporta mudanças em runtime das
variáveis TLS
• Certificados
• MySQL 5.7
• mysql_ssl_rsa_setup
• MySQL 5.6
17
• openssl © 2019 Percona
SSL
mysql > show global variables like '%ssl%';
+--------------------+-----------------+
| ssl_cert | server-cert.pem |
| Variable_name | Value |
| ssl_cipher | |
+--------------------+-----------------+
| ssl_crl | |
| have_openssl | YES |
| ssl_crlpath | |
| have_ssl | YES |
| ssl_fips_mode | OFF |
| mysqlx_ssl_ca | |
| ssl_key | server-key.pem |
| mysqlx_ssl_capath | |
+--------------------+---------------
| mysqlx_ssl_cert | |
| mysqlx_ssl_cipher | |
| mysqlx_ssl_crl | |
| mysqlx_ssl_crlpath | |
| mysqlx_ssl_key | |
| ssl_ca | ca.pem |
18
| ssl_capath | |
© 2019 Percona
SSL
mysql: root@localhost ((none)) GRANT ALL PRIVILEGES ON *.* TO
'ssluser'@'%' IDENTIFIED BY 'sekret' REQUIRE SSL;
Query OK, 0 rows affected, 1 warning (0.00 sec) Query OK, 0 rows affected
(0.01 sec)

[root@node1 ~]# mysql -ussluser -psekret


--ssl-cert=/var/lib/mysql/client-cert.pem
--ssl-key=/var/lib/mysql/client-key.pem --ssl-ca=/var/lib/mysql/ca.pem -h
127.0.0.1 -P 3306 -e "\s"| grep SSL
mysql: [Warning] Using a password on the command line interface can be
insecure.
SSL: Cipher in use is ECDHE-RSA-AES128-GCM-SHA256

19 © 2019 Percona
SSL
It is also possible to set ssl-mode to ensure that all connections use SSL. This
option is available only for client programs, not the server.

[client]
ssl-mode=required

20 © 2019 Percona
SSL

21 © 2019 Percona
Password Management

22 © 2019 Percona 22
Password Management
• Password expiration
• validate_password plugin
• Percona LDAP plugin

23 © 2019 Percona 23
Password Expiration
• MySQL enables database administrators to expire account
passwords manually, and to establish a policy for automatic
password expiration. Expiration policy can be established
globally, and individual accounts can be set to either defer
to the global policy or override the global policy with
specific per-account behavior.

24 © 2019 Percona
Password Expiration
Individual Accounts
mysql> create user test_expired_user@localhost identified by
'Sekr$K1et' PASSWORD EXPIRE INTERVAL 1 day;
Query OK, 0 rows affected (0.01 sec)

Globally
mysql> SET GLOBAL default_password_lifetime = 1;

25 © 2019 Percona
Password Expiration
mysql: test_expired_user@localhost ((none)) > show databases;
ERROR 1820 (HY000): You must reset your password using ALTER
USER statement before executing this statement.

26 © 2019 Percona
validate_plugin

Its main purpose is to test passwords and improve security. It


is possible to ensure the strength, length and required
characters of the password.

27 © 2019 Percona
validate_plugin - Instalação
# Runtime
mysql: root@localhost ((none)) > INSTALL
PLUGIN validate_password SONAME
'validate_password.so';
Query OK, 0 rows affected (0.07 sec)

# my.cnf
[mysqld]
28
plugin-load-add=validate_password.so
© 2019 Percona
validate_plugin - Validação
mysql: root@localhost ((none)) > show global variables like '%plugin%';
+-------------------------------+--------------------------+
| Variable_name | Value |
+-------------------------------+--------------------------+
| default_authentication_plugin | mysql_native_password |
| plugin_dir | /usr/lib64/mysql/plugin/ |
+-------------------------------+--------------------------+
2 rows in set (0.00 sec)

mysql: root@localhost ((none)) > SELECT PLUGIN_NAME, PLUGIN_STATUS


FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME LIKE 'validate%';
+-------------------+---------------+
| PLUGIN_NAME | PLUGIN_STATUS |
+-------------------+---------------+
| validate_password | ACTIVE |
+-------------------+---------------+
29 © 2019 Percona
1 row in set (0.00 sec)
validate_plugin - Exemplo
mysql: root@localhost ((none)) > set global
validate_password_length = 6;
Query OK, 0 rows affected (0.00 sec)

mysql: root@localhost ((none)) > set global


validate_password_policy=2;
Query OK, 0 rows affected (0.00 sec)

30 © 2019 Percona
validate_plugin - Exemplo
mysql: root@localhost ((none)) > create user
test_password@localhost identified by 'PasSw0Rd';
ERROR 1819 (HY000): Your password does not satisfy the
current policy requirements

mysql: root@localhost ((none)) > create user


test_password@localhost identified by 'PasSw0Rd12@';
Query OK, 0 rows affected (0.00 sec)

31 © 2019 Percona
Dual Password Support
As of MySQL 8.0.14, user accounts are permitted to have dual
passwords, designated as primary and secondary passwords.
Dual-password capability makes it possible to seamlessly
perform credential changes in scenarios like this:

● A system has a large number of MySQL servers, possibly


involving replication.

● Multiple applications connect to different MySQL servers.

● Periodic credential changes must be made to the account or


accounts used by the applications to connect to the
servers.

32 © 2019 Percona
Audit Plugin

33 © 2019 Percona 33
Audit Plugin
• MySQL Enterprise – Paid
• Percona Server (works with community version) – Free
• It is different from general log
• Filter by command / user / database
• MariaDB Audit Plugin

34 © 2019 Percona
Audit Plugin - Installing
mysql > INSTALL PLUGIN audit_log SONAME 'audit_log.so';
Query OK, 0 rows affected (0.05 sec)

mysql > SELECT PLUGIN_NAME, PLUGIN_STATUS FROM


INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE
'audit%';
+-------------+---------------+
| PLUGIN_NAME | PLUGIN_STATUS |
+-------------+---------------+
| audit_log | ACTIVE |
+-------------+---------------+
1 row in set (0.00 sec)

35 © 2019 Percona
Audit Plugin
[mysqld]
## Audit Logging ##
audit_log_policy=ALL
audit_log_format=JSON
audit_log_file=/var/log/mysql/audit.log
audit_log_rotate_on_size=1024M
audit_log_rotations=10

36 © 2019 Percona
Audit Plugin
mysql: root@localhost ((none)) > show global variables like 'audit%';
+-----------------------------+--------------------------+
| Variable_name | Value |
+-----------------------------+--------------------------+
| audit_log_buffer_size | 1048576 |
| audit_log_exclude_accounts | |
| audit_log_exclude_commands | |
| audit_log_exclude_databases | |
| audit_log_file | /var/log/mysql/audit.log |
| audit_log_flush | OFF |
| audit_log_format | JSON |
| audit_log_handler | FILE |
| audit_log_include_accounts | |
| audit_log_include_commands | |
| audit_log_include_databases | |

37 © 2019 Percona
Audit Plugin
mysql: root@localhost ((none)) > show global variables like 'audit%';
+-----------------------------+--------------------------+
| Variable_name | Value |
+-----------------------------+--------------------------+
| audit_log_policy | ALL |
| audit_log_rotate_on_size | 1073741824 |
| audit_log_rotations | 10 |
| audit_log_strategy | ASYNCHRONOUS |
| audit_log_syslog_facility | LOG_USER |
| audit_log_syslog_ident | percona-audit |
| audit_log_syslog_priority | LOG_INFO |
+-----------------------------+--------------------------+
18 rows in set (0.02 sec)

38 © 2019 Percona
Percona Server Encryption Features

39 © 2019 Percona 39
Percona Server Encryption
Percona server provides extra encryption:
• encrypt_binlog
• encrypt_tmp_files

• innodb_encrypt_online_alter_logs
• innodb_encrypt_tables
innodb_parallel_dblwr_encrypt

• innodb_sys_tablespace_encrypt
• innodb_temp_tablespace_encrypt
40 © 2019 Percona
Percona Server Encryption
[mysqld]
# Binary Log Encryption
encrypt_binlog
master_verify_checksum = 1
binlog_checksum = 1

mysql: root@localhost ((none)) > show global variables


like '%encrypt_binlog%';
+----------------+-------+
| Variable_name | Value |
+----------------+-------+
| encrypt_binlog | ON |
+----------------+-------+
1 row in set (0.00 sec)

41 © 2019 Percona
Percona Server Encryption
mysql: root@localhost ((none)) > show global variables
like '%encrypt%';
+----------------------------------+-------------+
| Variable_name | Value |
+----------------------------------+-------------+
| block_encryption_mode | aes-128-ecb |
| encrypt_binlog | ON |
| encrypt_tmp_files | OFF |
| innodb_encrypt_online_alter_logs | OFF |
| innodb_encrypt_tables | OFF |
| innodb_parallel_dblwr_encrypt | OFF |
| innodb_sys_tablespace_encrypt | OFF |
| innodb_temp_tablespace_encrypt | OFF |
+----------------------------------+-------------+
8 rows in set (0.00 sec)
42 © 2019 Percona
MySQL 8 Features
(Undo, Redo Encryption)

43 © 2019 Percona 43
MySQL 8 - (Undo, Redo Encryption)
• MySQL 8 extends tablespace encryption feature to redo log and undo log.
• It is necessary using one of the Keyring plugins.

44 © 2019 Percona
MySQL 8 - (Undo, Redo Encryption)
The process is very straightforward, to enable the encryption on the redo log and the undo log:
mysql> set global innodb_undo_log_encrypt = 1;
Query OK, 0 rows affected (0.00 sec)

mysql> set global innodb_redo_log_encrypt = 1;


Query OK, 0 rows affected (0.00 sec)

mysql> show global variables like '%log_encrypt%';


+-------------------------+-------+
| Variable_name | Value |
+-------------------------+-------+
| innodb_redo_log_encrypt | ON |
| innodb_undo_log_encrypt | ON |
+-------------------------+-------+
2 rows in set (0.00 sec)

45 © 2019 Percona
Transparent Data Encryption (TDE)

46 © 2019 Percona 46
Transparent Data Encryption (TDE)
• Enables data-at-rest encryption in the database.
• Encryption and decryption occurs without any additional coding, data type or schema
modifications.

47 © 2019 Percona
Transparent Data Encryption (TDE)
[mysqld]
# TDE
early-plugin-load=keyring_file.so
keyring-file-data=/var/lib/mysql-keyring/keyring

mysql: root@localhost ((none)) > INSTALL PLUGIN keyring_udf SONAME


'keyring_udf.so';
Query OK, 0 rows affected (0.00 sec)

mysql: root@localhost ((none)) > SELECT PLUGIN_NAME, PLUGIN_STATUS


FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME LIKE 'keyring%';
+--------------+---------------+
| PLUGIN_NAME | PLUGIN_STATUS |
+--------------+---------------+
| keyring_file | ACTIVE |
| keyring_udf | ACTIVE |
+--------------+---------
48 © 2019 Percona
Transparent Data Encryption (TDE)
mysql: root@localhost ((none)) > SELECT keyring_key_generate('MyKey', 'AES', 32);
+------------------------------------------+
| keyring_key_generate('MyKey', 'AES', 32) |
+------------------------------------------+
| 1 |
+------------------------------------------+
1 row in set (0.00 sec)

mysql> CREATE TABLESPACE `amer_meeting1` ADD DATAFILE 'amer_meeting1.ibd' ENCRYPTION


= 'Y' Engine=InnoDB;
Query OK, 0 rows affected (0.01 sec)

mysql: root@localhost (test) > CREATE TABLE t1 (a INT, b TEXT) TABLESPACE vgrippa
ENCRYPTION='N';
ERROR 1478 (HY000): InnoDB: Tablespace `vgrippa` can contain only an ENCRYPTED
tables.

mysql: root@localhost (test) > CREATE TABLE t1 (a INT, b TEXT) TABLESPACE vgrippa
ENCRYPTION='Y';
Query OK, 0 rows affected (0.02 sec)
49 © 2019 Percona
Transparent Data Encryption (TDE)
A flag field in the INFORMATION_SCHEMA.INNODB_SYS_TABLESPACES has bit number 13 set
if tablespace is encrypted.

mysql: root@localhost (test) > SELECT space, name, flag, (flag &
8192) != 0 AS encrypted FROM
INFORMATION_SCHEMA.INNODB_SYS_TABLESPACES WHERE name in ('vgrippa');
+-------+---------+-------+-----------+
| space | name | flag | encrypted |
+-------+---------+-------+-----------+
| 156 | vgrippa | 10240 | 1 |
+-------+---------+-------+-----------+
1 row in set (0.00 sec)

50 © 2019 Percona
caching_sha2_password

51 © 2019 Percona 51
caching_sha2_password
MySQL provides two authentication plugins that implement SHA-256 hashing
for user account passwords:
• sha256_password: Implements basic SHA-256 authentication
• caching_sha2_password: Implements SHA-256 authentication
(like sha256_password), but uses caching on the server side for better
performance and has additional features for wider applicability. (In MySQL
5.7, caching_sha2_password is implemented only on the client)

Note: In MySQL 8.0, caching_sha2_password is the default


authentication plugin rather than mysql_native_password.

52 © 2019 Percona
caching_sha2_password
mysql: root@localhost ((none)) > grant all privileges on *.* to
vgrippa@localhost identified by 'teste';
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql: root@localhost ((none)) > grant all privileges on *.* to


vgrippa1@localhost identified by 'teste';
Query OK, 0 rows affected, 1 warning (0.00 sec)

53 © 2019 Percona
caching_sha2_password
mysql: root@localhost ((none)) > select user, host, plugin,
authentication_string from mysql.user where user like 'vgrippa%';
+----------+-----------+-----------------------+--------------------------
-----------------+
| user | host | plugin | authentication_string
|
+----------+-----------+-----------------------+--------------------------
-----------------+
| vgrippa | localhost | mysql_native_password |
*A00D6EEF76EC509DB66358D2E6685F8FF7A4C3DD |
| vgrippa1 | localhost | mysql_native_password |
*A00D6EEF76EC509DB66358D2E6685F8FF7A4C3DD |
+----------+-----------+-----------------------+--------------------------
-----------------+
2 rows in set (0.00 sec)

54 © 2019 Percona
Example
# MySQL 8
[mysqld]
default_authentication_plugin=caching_sha2_password

mysql> CREATE USER 'sha2user'@'localhost' IDENTIFIED WITH


caching_sha2_password BY 'password';
Query OK, 0 rows affected (0.06 sec)
mysql> select user,host, plugin from mysql.user where user like
'sha2user%';
+----------+-----------+-----------------------+
| user | host | plugin |
+----------+-----------+-----------------------+
| sha2user | localhost | caching_sha2_password |
+----------+-----------+-----------------------+
1 row in set (0.00 sec)

55 © 2019 Percona
Example
mysql: root@localhost ((none)) > create user vgrippa@localhost
identified by 'teste';
Query OK, 0 rows affected (0.01 sec)

mysql: root@localhost ((none)) > create user vgrippa1@localhost


identified by 'teste';
Query OK, 0 rows affected (0.01 sec)

56 © 2019 Percona
Example
mysql: root@localhost ((none)) > select user, host, plugin, authentication_string
from mysql.user where user like 'vgrippa%';
+----------+-----------+-----------------------+-----------------------------------
-------------------------------------+
| user | host | plugin | authentication_string
|
+----------+-----------+-----------------------+-----------------------------------
-------------------------------------+
| vgrippa | localhost | caching_sha2_password | $A$005$)8?=V_"J75FFq
|jUVMUZmnZ1t8aSybB4AISoj1MXdlseI0rQay6bGGlne8 |
| vgrippa1 | localhost | caching_sha2_password |
$A$005$zEZ;bEmj[hq1T\!LFtqZzAB0hacxgwNfHM/gL6gBFHqY1wuozW2NO4Gj9958 |
+----------+-----------+-----------------------+-----------------------------------
-------------------------------------+
2 rows in set (0.01 sec)

57 © 2019 Percona
FIPS Mode

58 © 2019 Percona 58
FIPS
• MySQL supports FIPS mode, if compiled using OpenSSL,
and an OpenSSL library and FIPS Object Module are
available at runtime.
• FIPS mode on the server side applies to cryptographic
operations performed by the server. This includes
replication (master/slave and Group Replication) and X
Plugin, which run within the server. FIPS mode also applies
to attempts by clients to connect to the server.

59 © 2019 Percona 59
Example
mysql> show global variables like '%fips%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| ssl_fips_mode | ON |
+---------------+-------+
1 row in set (0.01 sec)

mysql> set global ssl_fips_mode=1;


Query OK, 0 rows affected (0.06 sec)

60 © 2019 Percona
Example
mysql> select md5('GUOB');
+----------------------------------+
| md5('a') |
+----------------------------------+
| 00000000000000000000000000000000 |
+----------------------------------+
1 row in set, 1 warning (0.00 sec)

61 © 2019 Percona
Example
mysql> show warnings;
+---------+-------+--------------------------------------------------------------
----------+
| Level | Code | Message
|
+---------+-------+--------------------------------------------------------------
----------+
| Warning | 11272 | SSL fips mode error: FIPS mode ON/STRICT: MD5 digest is not
supported. |
+---------+-------+--------------------------------------------------------------
----------+
1 row in set (0.00 sec)

62 © 2019 Percona 62
Exemplo
mysql> select sha2('GUOB', 256);
+------------------------------------------------------------------+
| sha2('a', 256) |
+------------------------------------------------------------------+
| 3a9490e26ca5ffa08dfd34d8958cb4d145174f91a5067f6ae8af847c2f808436 |
+------------------------------------------------------------------+
1 row in set (0.00 sec)

63 © 2019 Percona
Roles

64 © 2019 Percona 64
Roles
● MySQL 8 comes with Roles feature. A role is a named collection of
privileges. Like user accounts, roles can have privileges granted to and
revoked from them.

65 © 2019 Percona
Roles
mysql> create role app_read;
Query OK, 0 rows affected (0.03 sec)

mysql> grant select on *.* to app_read;


Query OK, 0 rows affected (0.04 sec)

66 © 2019 Percona
Roles
mysql> select * from app_db.joinit;
ERROR 1142 (42000): SELECT command denied to
user 'test_role'@'localhost' for table 'joinit'

mysql> SELECT CURRENT_ROLE();


+----------------+
| CURRENT_ROLE() |
+----------------+
| NONE |
+----------------+
1 row in set (0.00 sec)

67 © 2019 Percona
Roles
mysql> SET ROLE all;
Query OK, 0 rows affected (0.00 sec)

mysql> SELECT CURRENT_ROLE();


+----------------------------------------------
---------+
| CURRENT_ROLE()
|
+----------------------------------------------
---------+
|
`app_read`@`%`,`app_write`@`%`,`app_read`@`loca
lhost` |
68
+----------------------------------------------
© 2019 Percona
---------+
Roles
It is possible to use activate_all_roles_on_login to activate all
roles granted to each account at login time.

69 © 2019 Percona
References
# SO/Cloud security # Roles

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_activate_all_
roles_on_login
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
https://dev.mysql.com/doc/refman/8.0/en/roles.html
# Audit log
# Password management
https://www.percona.com/blog/2015/09/10/percona-server-audit-log-plugin-best-practic
es/ https://dev.mysql.com/doc/refman/5.7/en/password-management.html

#caching_sha2_password https://dev.mysql.com/doc/refman/5.7/en/validate-password-installation.html

https://dev.mysql.com/doc/refman/5.7/en/caching-sha2-pluggable-authentication.html https://dev.mysql.com/doc/refman/5.7/en/validate-password-options-variables.html

# SSL # FIPS

https://www.percona.com/blog/2013/06/22/setting-up-mysql-ssl-and-secure-connections https://dev.mysql.com/doc/refman/8.0/en/fips-mode.html
/#setup
# Percona Server 8.0 Alpha release
https://www.percona.com/blog/2013/10/10/mysql-ssl-performance-overhead/
https://www.percona.com/blog/2018/09/27/announcement-alpha-build-of-percona-server-8-
# TDE 0/
https://www.percona.com/doc/percona-server/LATEST/management/data_at_rest_encry
ption.html # MySQL 8 redo and undo encryption

https://www.percona.com/doc/percona-server/LATEST/management/data_at_rest_encry https://dev.mysql.com/doc/refman/8.0/en/innodb-tablespace-encryption.html#innodb-tables
ption.html#usage pace-encryption-about

https://dev.mysql.com/doc/refman/5.7/en/keyring-file-plugin.html

70 © 2019 Percona
Any Questions?

71 © 2019 Percona 71
We’re Hiring!
Percona’s open source database
experts are true superheroes, improving
database performance for customers across
the globe.

Our staff live in nearly 30 different countries


around the world, and most
work remotely from home.

Discover what it means to have a Percona


career with the smartest people in the
database performance industries, solving
the most challenging problems our
customers come across.
72 © 2019 Percona

You might also like