Introduction

This document describes the integration of MariaDB with the Entrust KeyControl Database Vault (KMS).

Documents to read first

This guide describes how to configure the Entrust KeyControl Database Vault as a KMS in MariaDB.

To install and configure the Entrust KeyControl Database Vault, see the Entrust KeyControl Vault nShield HSM Integration Guide. You can access it from the Entrust Document Library and from the nShield Product Documentation website.

Also refer to the MariaDB online documentation.

Requirements

  • Entrust KeyControl Vault version 10.2 or later

    An Entrust KeyControl license is required for the installation. You can obtain this license from your Entrust KeyControl Vault and MariaDB account team or through Entrust KeyControl Vault customer support (hytrust.support@entrust.com).

  • MariaDB Server 11.3.2 or later

Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks.

High-availability considerations

Entrust KeyControl Vault uses an active-active deployment, which provides high-availability capability to manage encryption keys. Entrust recommends this deployment configuration. In an active-active cluster, changes made to any KeyControl node in the cluster are automatically reflected on all nodes in the cluster. For information about Entrust KeyControl, see the Entrust KeyControl Vault Product Overview.

Product configuration

The integration between the MariaDB Server and Entrust KeyControl Vault has been successfully tested in the following configurations:

Product                        Version
MariaDB Server                 11.3.2
Entrust KeyControl Vault       10.2
Red Hat Enterprise Linux 8.9   Kernel: Linux 4.18.0-513.18.1.el8_9.x86_64