Encrypt patient data at rest and in backup files. #251

Open
wants to merge 13 commits into
base: dev
Add MariaDB configuration to enable InnoDB table encryption.
schuyler committed Feb 7, 2020

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit 9efc87f8fa074c20029703230012967bf92d598d
@@ -0,0 +1,19 @@
[mariadb]
plugin_load_add = file_key_management

# The table encryption secret gets *itself* encrypted at rest.
# See https://mariadb.com/kb/en/file-key-management-encryption-plugin/#creating-the-key-file
file_key_management_filename = /etc/mysql/keyfile.enc
file_key_management_filekey = FILE:/usr/share/buendia/system.key

# AES_CBC is used by default. AES_CTR is preferred, but not supported in older MariaDB builds.
# https://mariadb.com/kb/en/file-key-management-encryption-plugin/#choosing-an-encryption-algorithm
# file_key_management_encryption_algorithm = AES_CTR

# InnoDB/XtraDB Encryption
# https://mariadb.com/kb/en/innodb-encryption-overview/#basic-configuration
# The 'FORCE' option requires all InnoDB tables to be encrypted.
innodb_encrypt_tables = FORCE
innodb_encrypt_log = ON
innodb_encryption_threads = 4
innodb_encryption_rotate_key_age = 1
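
Review bot: `file_key_management_filekey = FILE:/usr/share/buendia/system.key` keeps the key that decrypts `/etc/mysql/keyfile.enc` in a plain file on the same host, so the comment "gets *itself* encrypted at rest" only holds against someone who can read `/etc/mysql` but not `/usr/share/buendia`. The hunk does not say who owns `system.key` or what mode it has; please add a comment stating the expected owner and permissions for both files (readable by the database service account only), and state whether `system.key` is kept out of the backup files the PR title refers to, since a backup that carries both files is effectively unencrypted. Separately, the settings here cover InnoDB tablespaces (`innodb_encrypt_tables = FORCE`) and the redo log (`innodb_encrypt_log = ON`) only. Unless another commit in this PR sets them, consider adding `encrypt_tmp_files`, `encrypt_tmp_disk_tables` and `encrypt_binlog`, because query temp files and binary logs can hold the same patient rows in clear text. A one-line comment explaining why `innodb_encryption_rotate_key_age = 1` was chosen would also help, given that the other settings in this file are all documented.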