I am wondering what is the point of encryption at rest?
It is said that a hacker cannot steal the database and look through it. I'm afraid that it does not protect the database while the key is stored on the same machine.
Let's have a look at my MariaDB settings:
[mysqld]
# at-rest encryption
plugin_load_add = file_key_management
file_key_management_filename = /etc/mysql/rest/keyfile.enc
file_key_management_filekey = FILE:/etc/mysql/rest/keyfile.passwd
file_key_management_encryption_algorithm = AES_CBC
If keyfile.passwd and keyfile.enc are on the same machine, the hackers will steal all of them together and decrypt keyfile.enc by keyfile.passwd and then they will obtain the key in a plain text and via the key, they decrypt the encrypted database.
Where will be the protection?
Best Answer
The
file_key_managementis largely a testing plugin. Its there to show the general operation and be there as self tests. Its also there as a simple reference implementation if you want to write your own.You are right about every weakness described.
There may be container based applications where the storage of keys used by the
file_key_managementplugin are only brought together when the MariaDB pod is instigated. With this there may be some risk vectors mitigated.There are a number of other encryption implementations using the same server API that offer greater protection.