MySQL 5.7 Reference Manual Including MySQL NDB Cluster 7.5 and NDB Cluster 7.6
For each keyring plugin-specific user-defined function (UDF), this section describes its purpose, calling sequence, and return value. For information about general-purpose keyring UDFs, see Section 6.4.4.8, “General-Purpose Keyring Key-Management Functions”.
Associated keyring plugin: keyring_aws

keyring_aws_rotate_cmk() rotates the customer master key (CMK). Rotation changes only the key that AWS KMS uses for subsequent data key-encryption operations. AWS KMS maintains previous CMK versions, so keys generated using previous CMKs remain decryptable after rotation.

Rotation changes the CMK value used inside AWS KMS but does not change the ID used to refer to it, so there is no need to change the keyring_aws_cmk_id system variable after calling keyring_aws_rotate_cmk().

This UDF requires the SUPER privilege.

Arguments: None.

Return value: Returns 1 for success, or NULL and an error for failure.

Associated keyring plugin: keyring_aws

keyring_aws_rotate_keys() rotates keys stored in the keyring_aws storage file named by the keyring_aws_data_file system variable. Rotation sends each key stored in the file to AWS KMS for re-encryption using the value of the keyring_aws_cmk_id system variable as the CMK value, and stores the new encrypted keys in the file.

keyring_aws_rotate_keys() is useful for key re-encryption under these circumstances:

After rotating the CMK; that is, after invoking the keyring_aws_rotate_cmk() UDF

After changing the keyring_aws_cmk_id system variable to a different key value

This UDF requires the SUPER privilege.

Arguments: None.

Return value: Returns 1 for success, or NULL and an error for failure.
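
The rotation sequence described above, written out as an added example that is not part of the MySQL manual. It assumes the keyring_aws plugin and both UDFs are already installed and that the session account holds SUPER; the CMK ID in the commented alternative is a placeholder.

```sql
-- 1. Confirm the plugin is active and both UDFs are registered.
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME = 'keyring_aws';

SELECT name, dl
  FROM mysql.func
 WHERE name IN ('keyring_aws_rotate_cmk', 'keyring_aws_rotate_keys');

-- 2. Both UDFs require SUPER. Review which accounts hold it, and confirm
--    the account running this session is one of them.
SELECT user, host FROM mysql.user WHERE Super_priv = 'Y';
SHOW GRANTS FOR CURRENT_USER();

-- 3. Record the CMK ID and storage file location before changing anything.
--    (Assumption: operators copy the file named by keyring_aws_data_file
--    at the OS level first, since rotate_keys rewrites it.)
SELECT @@GLOBAL.keyring_aws_cmk_id    AS cmk_id,
       @@GLOBAL.keyring_aws_data_file AS data_file;

-- 4. Rotate the CMK inside AWS KMS. Returns 1 on success; on failure the
--    statement returns NULL and raises an error.
SELECT keyring_aws_rotate_cmk() AS cmk_rotated;

-- 5. Re-encrypt every key in the storage file under the rotated CMK.
--    Without this step the stored keys stay encrypted under the previous
--    CMK version, which AWS KMS can still decrypt.
SELECT keyring_aws_rotate_keys() AS keys_rotated;

-- 6. The CMK ID is unchanged by rotation, so this matches step 3.
SELECT @@GLOBAL.keyring_aws_cmk_id AS cmk_id_after;

-- Alternative to step 4: switch to a different CMK, then re-encrypt.
-- SET GLOBAL keyring_aws_cmk_id = '<new-cmk-id-placeholder>';
-- SELECT keyring_aws_rotate_keys() AS keys_rotated;
```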