The configuration directory used by keyring_okv as the location for its support files should have a restrictive mode and be accessible only to the account used to run the MySQL server. For example, on Windows-like systems, to use the
- Create the mysql-keyring-okv folder at C:\Program Files\MySQL\MySQL Server 8.0\mysql-keyring-okv and grant the following permissions on the folder.
- After creating the mysql-keyring-okv folder (C:\Program Files\MySQL\MySQL Server 8.0\mysql-keyring-okv), right-click it, then select Properties -> Security, then Edit -> Add, etc.
- Once the user is added, check "Modify" in addition to "Read & execute", "List folder contents", "Read" and "Write".
- Also grant Modify access to the MySQL folder inside Program Files.
- Restart the MySQL server after making the above changes.
- To be usable during the server startup process, keyring_okv must be loaded using the --early-plugin-load option. Also set the keyring_okv_conf_dir system variable to tell keyring_okv where to find its configuration directory.
- Edit the C:\ProgramData\MySQL\MySQL Server 8.0\my.ini file and add the plugin to the [mysqld] section.
- Download CA.pem and cert.pem to the MySQL server, under the SSL folder.
- In the configuration directory, create a file named okvclient.ora. It should have the following format:
- Set the mysql permissions on the file C:\Program Files\MySQL\MySQL Server 8.0\mysql-keyring-okv\okvclient.ora.
- After completing the preceding procedure, restart the MySQL server. It loads the keyring_okv plugin, and keyring_okv uses the files in its configuration folder to communicate with ESKM.
- Verify that the keyring_okv plugin is working.
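The following audit script is an added example, not part of the original procedure. It checks the result of the permission steps above by listing every allow entry, on the configuration directory and the files in it, that belongs to a principal other than the MySQL service account, SYSTEM or Administrators, and it reports missing files. The service account name, the allow list, and the reading of "the SSL folder" as an ssl subfolder of the configuration directory are assumptions.

```powershell
# Added example (not from the original page): audit the keyring_okv
# configuration directory for access beyond the MySQL service account.
# Assumed values: $ServiceAccount and the admin principals in $allowedNames.
param(
    [string]$ConfDir = 'C:\Program Files\MySQL\MySQL Server 8.0\mysql-keyring-okv',
    [string]$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE'   # assumption
)

$sidType = [System.Security.Principal.SecurityIdentifier]

function Get-OkvAclFindings {
    param([string]$Path, [string[]]$AllowedNames)

    # Compare by SID so localized or aliased account names still match.
    $allowedSids = foreach ($name in $AllowedNames) {
        ([System.Security.Principal.NTAccount]$name).Translate($sidType).Value
    }
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Explicit and inherited ACEs: rights inherited from the parent count too.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($allowedSids -contains $ace.IdentityReference.Value) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value   # reported as a SID
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Allow list is a policy choice (assumed here); extend it if your site requires.
$allowedNames = @($ServiceAccount, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
$findings = @(Get-OkvAclFindings -Path $ConfDir -AllowedNames $allowedNames)

# Files the procedure places in the directory; the ssl\ location is an assumption.
$missing = @('okvclient.ora', 'ssl\CA.pem', 'ssl\cert.pem') |
    Where-Object { -not (Test-Path -LiteralPath (Join-Path $ConfDir $_)) }

$findings | Format-Table -AutoSize
if ($missing) { Write-Warning "Missing files: $($missing -join ', ')" }
if ($findings.Count -or $missing) { exit 1 }
```

Folders created under C:\Program Files inherit Read & execute for BUILTIN\Users by default, so rows with Inherited set to True mean the directory is readable by more than the server account.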