3.10 Secure MySQL Keyring - keyring_file_data_path

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

When configured to use a Keyring plugin, internal MySQL components and plugins may securely store sensitive information for later retrieval. Associated files for the selected keyring type should have proper permissions.

Rationale:

Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of internal MySQL component and plugin information.

Solution

If no keyring plugin or keyring file plugin is configured, instructions for configuring a keyring plugin or keyring file plugin may be found at:

KMIP - https://dev.mysql.com/doc/refman/8.0/en/keyring-okv-plugin.html#keyring-okv-configuration

OCI Vault - https://dev.mysql.com/doc/refman/8.0/en/keyring-oci-plugin.html

Hashicorp - https://dev.mysql.com/doc/refman/8.0/en/keyring-hashicorp-plugin.html#keyring-hashicorp-plugin-configuration

AWS - https://dev.mysql.com/doc/refman/8.0/en/keyring-aws-plugin.html#keyring-aws-plugin-configuration

Execute the following commands for each Keyring file location requiring corrected permissions:

chmod 750 <keyring file>
chown mysql:mysql <keyring file>
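
To confirm the result after running the commands above, the following added example (not part of the benchmark or of MySQL) checks a keyring file's mode and ownership. It assumes GNU stat on Linux and treats 750 as a ceiling, so stricter modes also pass; the function name and arguments are illustrative.

```sh
#!/bin/sh
# Added example (not from the benchmark): verify a keyring file against the
# remediation above. Assumes GNU stat (Linux); names here are illustrative.

# check_keyring_perms <path> [owner] [group]
# Returns 0 if compliant, 1 if permissions/ownership are wrong, 2 if unusable.
check_keyring_perms() {
    path=$1
    want_owner=${2:-mysql}
    want_group=${3:-mysql}
    rc=0

    if [ -L "$path" ]; then
        echo "SKIP: $path is a symbolic link; audit its target instead"
        return 2
    fi
    if [ ! -e "$path" ]; then
        echo "SKIP: $path does not exist"
        return 2
    fi

    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%U' "$path")
    group=$(stat -c '%G' "$path")

    # 07027 = every bit outside 0750: group write, all "other" access,
    # and setuid/setgid/sticky. Any of them set exceeds the remediation.
    if [ $(( 0$mode & 07027 )) -ne 0 ]; then
        echo "FAIL: $path mode is $mode, broader than 750"
        rc=1
    fi
    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "FAIL: $path is owned by $owner:$group, expected $want_owner:$want_group"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "PASS: $path ($mode $owner:$group)"
    return "$rc"
}

# Usage: sh check_keyring.sh /path/to/keyring/file
if [ "$#" -gt 0 ]; then
    check_keyring_perms "$1"
fi
```
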

See Also

https://workbench.cisecurity.org/benchmarks/12903