How does MySQL keyring_file fetch keys from the given list of user keys?

Consider a root user with 2 application users having privileges to specific databases alone. Suppose keyring keys were created for the 2 application users (session users) by default with keyring_key_generate. How does MySQL internally fetch keys? Is it based on logged-in users, or does MySQL have the association somewhere?

So the root user can decrypt all users' data?

Command used to create the key:

SELECT keyring_key_generate('MyKey', 'DSA', 256);

Basically, how to assign a key to a user in the MySQL keyring_file plugin?

1 Like

I’ve never used it before, but the documentation says:
"A key stored in the keyring by a given user can be manipulated later only by the same user. That is, the value of the CURRENT_USER() function at the time of key manipulation must have the same value as when the key was stored in the keyring. (This constraint rules out the use of the keyring functions for manipulation of instance-wide keys, such as those created by InnoDB to support tablespace encryption.)"

Link:
https://docs.oracle.com/cd/E17952_01/mysql-8.0-en/keyring-functions-general-purpose.html

2 Likes
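The ownership rule quoted from the documentation, walked through as an added example (not part of the original posts): the accounts `app1` and `app2` and the password placeholders are constructed for illustration. It assumes the keyring_file plugin is loaded and the general-purpose keyring functions are installed.

```sql
-- Administrator session: confirm a keyring plugin is active before testing.
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME LIKE 'keyring%';

-- Constructed accounts; replace the placeholders with real passwords.
CREATE USER 'app1'@'localhost' IDENTIFIED BY '<app1-password-placeholder>';
CREATE USER 'app2'@'localhost' IDENTIFIED BY '<app2-password-placeholder>';

-- Calling any keyring function requires the global EXECUTE privilege.
GRANT EXECUTE ON *.* TO 'app1'@'localhost', 'app2'@'localhost';

-- Session connected as app1 --------------------------------------------
-- There is no "assign key to user" step: the key is owned by whatever
-- CURRENT_USER() is when the key is generated or stored.
SELECT CURRENT_USER();
SELECT keyring_key_generate('MyKey', 'AES', 32);   -- length is in bytes
SELECT keyring_key_type_fetch('MyKey'),
       keyring_key_length_fetch('MyKey');
SELECT HEX(keyring_key_fetch('MyKey'));            -- owner can read the key

-- Session connected as app2 --------------------------------------------
-- Same key ID, different CURRENT_USER(): per the documented constraint,
-- this lookup does not reach the key that app1 created.
SELECT CURRENT_USER();
SELECT keyring_key_fetch('MyKey');

-- Session connected as the administrator (e.g. root) --------------------
-- The keyring functions compare CURRENT_USER() for this account as well,
-- so it is treated like any other non-owner of app1's key.
SELECT CURRENT_USER();
SELECT keyring_key_fetch('MyKey');
```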