Integration with CipherTrust Manager
To integrate MySQL with the CipherTrust Manager:
Configure the okvclient.ora File
Create and configure the okvclient.ora client file.
cd /var/lib/mysql/mysql-keyring-okv
touch okvclient.ora
The okvclient.ora file contains lines similar to the following.
cat /var/lib/mysql/mysql-keyring-okv/okvclient.ora
SERVER=IP_CipherTrust_Node1:CM_Port
STANDBY_SERVER=IP_CipherTrust_Node2:CM_Port
Configure the keyring conf Directory
To set up the keyring conf directory:
Add the paths of the keyring_okv.so library and okvclient.ora configuration file to the my.cnf file using:
early-plugin-load = keyring_okv.so
keyring_okv_conf_dir = /var/lib/mysql/mysql-keyring-okv
Restart the mysql service using:
systemctl restart mysqld
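The following pre-flight check can be run before the restart to confirm that okvclient.ora and my.cnf agree with each other. It is an added example, not part of the vendor procedure; the function name check_okv_config, the script name in the usage comment, and the directory permission check are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight check of the keyring_okv settings
# described on this page, to run before restarting mysqld.
# Returns the number of problems found (0 = configuration looks consistent).
check_okv_config() {
    conf_dir=$1; my_cnf=$2; problems=0
    ora="$conf_dir/okvclient.ora"
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # okvclient.ora must name both CipherTrust Manager nodes as host:port
    # (hostname or IPv4 address, numeric port).
    for key in SERVER STANDBY_SERVER; do
        value=$(sed -n "s/^$key=//p" "$ora" 2>/dev/null | head -n 1)
        case $value in
            '') fail "$key is missing from $ora" ;;
            *IP_CipherTrust*|*CM_Port*) fail "$key still holds a placeholder: $value" ;;
            *) echo "$value" | grep -Eq '^[^:[:space:]]+:[0-9]+$' ||
                   fail "$key is not in host:port form: $value" ;;
        esac
    done

    # my.cnf must load the plugin early and point at the same directory.
    grep -Eq '^[[:space:]]*early[-_]plugin[-_]load[[:space:]]*=[[:space:]]*keyring_okv\.so' \
        "$my_cnf" 2>/dev/null || fail "early-plugin-load = keyring_okv.so not set in $my_cnf"
    cnf_dir=$(sed -n 's/^[[:space:]]*keyring_okv_conf_dir[[:space:]]*=[[:space:]]*//p' \
        "$my_cnf" 2>/dev/null | head -n 1)
    [ "$cnf_dir" = "$conf_dir" ] ||
        fail "keyring_okv_conf_dir is '$cnf_dir', expected '$conf_dir'"

    # Hardening check added here (assumption, not a step from the page):
    # the directory should not be accessible to group or other.
    perms=$(ls -ld "$conf_dir" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ] || fail "$conf_dir is group/other accessible ($perms)"

    return "$problems"
}

# Usage: sh check_okv.sh /var/lib/mysql/mysql-keyring-okv /path/to/my.cnf
if [ $# -eq 2 ]; then check_okv_config "$1" "$2"; fi
```

A non-zero exit status is the number of failed checks; each failure is printed on its own line.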
Test the Configuration
Create a new user and grant all privileges to the user.
CREATE USER 'TestUser'@'localhost' IDENTIFIED BY '********';
GRANT ALL PRIVILEGES ON *.* TO 'TestUser'@'localhost';
Log on to MySQL as “TestUser”, and create a database called Players and a table named BaseballPlayers.
mysql -u TestUser -p
create database Players;
use Players;
CREATE table BaseballPlayers (lastname varchar(16), firstname varchar(12), position varchar(16));
Insert some sample data into the table BaseballPlayers.
INSERT INTO BaseballPlayers ( firstname, lastname, position ) values ('John','Doe','Outfield' );
INSERT INTO BaseballPlayers ( firstname, lastname, position ) values ('Joe','Smith','Pitcher' );
INSERT INTO BaseballPlayers ( firstname, lastname, position ) values ('Willie','Mays', 'Outfield' );
Encrypt the table.
ALTER TABLE BaseballPlayers ENCRYPTION='Y';
This generates your master encryption key on the CipherTrust Manager and completes your integration. Move to the next section to verify your integration.