I have a couple of questions.
I have set up the database to use HashiCorp Vault for the encryption keys, and it appears that the encryption key is cached or stored somewhere in the database server.
The database won't start if Vault is down, but once it is up you can select from encrypted tables and create tables with encryption.
Does anyone know where those keys are cached or stored once the db is up?
Second, there is a config file you need to put in the MySQL keyring directory that points to the vault.
In that file is a token in plain text.
Will someone who gets access to that token be able to connect to the vault directly if they know where the vault is located?