Clever Geek Handbook

Install mysql keyring plugin

I was trying to install the keyring plugin on MySQL 5.7.18.

I edited the my.ini file. It was empty, so I added the following text and restarted MySQL.

[mysqld]
early-plugin-load=keyring_file.dll

I ran the following command to install the plugin.

mysql> install plugin keyring_file soname 'keyring_file.dll';

Then I ran the following sql to check:

mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS
    ->        FROM INFORMATION_SCHEMA.PLUGINS
    ->        WHERE PLUGIN_NAME LIKE 'keyring%';
+--------------+---------------+
| PLUGIN_NAME  | PLUGIN_STATUS |
+--------------+---------------+
| keyring_file | ACTIVE        |
+--------------+---------------+
1 row in set (0.00 sec)

But when I tried to modify the table to use encryption, I got errors.

mysql> ALTER TABLE t1 ENCRYPTION='Y';
ERROR 3185 (HY000): Can't find master key from keyring, please check keyring 
plugin is loaded.

Am I missing a step somewhere?

+3


source to share


3 answers


Harriett, do this:

  • Check the user that the MySQL service is running as (for example NETWORK SERVICE)
  • Create a folder keyring

    in C: / Program Files / MySQL / MySQL Server 5.7
  • Explicitly grant MySQL service user permissions in the keys folder

By default on Windows when using keyring_file, the key file is stored in C: / Program Files / MySQL / MySQL Server 5.7 / keyring / keyring (I determined this by running SHOW VARIABLES LIKE 'keyring%'

after installing the plugin and confirming it to load as you described).



After creating the key folder in C: / Program Files / MySQL / MySQL Server 5.7 right click, then Properties -> Security, then Edit -> Add, etc. After adding the user, check "Edit" in addition to Read and execute, the contents of the list folder, Read and Write.

Then restart the MySQL service and you should be able to create the encrypted table without error.

NOTE. For security reasons, you should go back and delete all users / groups that you think you absolutely do not need, should have access to the folder with the keys (for example, local computer users). On Unix, the docs recommend that the mysql user and group have access to this folder.

+7


source


On windows you don't need this line: mysql> install plugin keyring_file soname 'keyring_file.dll'; what's the installation operation for Linux (maybe you can work under node?)

BUT make sure you have a FULL MySql installation - I didn't realize there are shorthand versions that don't have dll plugins (and other stuff). Make sure you have keyring_udf.dll installed and you have created UDFs as well.

The documentation on the mySql pages for all of this is poorly organized and difficult to follow.



This is one of those tasks that goes on forever. I have a key, everything is running - keyfile is getting encrypted. Then I use ALTER TABLE mytable ENCRYPTION = 'Y' but nothing happens.

I am exporting a table and the export states are "ENCRYPTION =" Y "but not encrypted. No error messages in mysql log, nothing.

0


source


I ran into the same problem on m local MySQL instance and the following steps helped me solve that "Encryption cannot find the master key, please check that the keyfob plugin is loaded". question.

  • Add the following line to my.ini file

    early-plugin-load=keyring_file.dll

  • Create a folder named keyring

    in the folder C:\Program Files\MySQL\MySQL Server 8.0

    .

  • Grant modifies access to this folder, since MySQL has to read the folder and paste the key into it.
  • Also Grant modifies access to MySQL folder inside Program Files.
  • Remove the existing installed plugin with the following command:
  • UNINSTALL PLUGIN keyring_file;
  • Reboot the MySQL server after making the changes.

  • Check if the keyring plugin is loaded or not using the following command: -

    show variables like '%keyring%';

It should show output like this:

+--------------------+---------------------------------------------------------+
| Variable_name      | Value                                                   |
+--------------------+---------------------------------------------------------+
| keyring_file_data  | C:/Program Files/MySQL/MySQL Server 8.0/keyring\keyring |
| keyring_operations | ON                                                      |
+--------------------+---------------------------------------------------------+
2   rows in set (0.0024 sec)

  • You can now enable encryption on your table using the following command:

    ALTER TABLE city ENCRYPTION='Y';

Hope the answer helps.

0


source






More articles:


All Articles