mirror of
https://github.com/MariaDB/server.git
synced 2025-12-17 01:35:43 +01:00
d936d36d4f
Introduces `FLUSH HASHICORP_KEY_MANAGEMENT_CACHE` command to flush the cached keys in the HashiCorp Key Management plugin, enabling rotation of encryption keys without needing to restart the server. The new `INFORMATION_SCHEMA.HASHICORP_KEY_MANAGEMENT_CACHE` table lists the key id and key version from the latest version cache. The table's content can be viewed using `SHOW HASHICORP_KEY_MANAGEMENT_CACHE` or queried directly. Executing the `FLUSH` command requires `RELOAD` privilege and access to INFORMATION_SCHEMA table requires `PROCESS` privilege. Bugfix (squashed): MDEV-38111: SIGSEGV when multiple servers use the same Vault KV storage for encrypted tables Problem: A data race between InnoDB background threads reading the cached keys and the thread executing FLUSH command clearing it without acquiring a lock. This non-synchronized memory write caused InnoDB threads that were concurrently reading the cache to access freed memory, leading to a crash. Fix: Acquire the lock before clearing the latest version cahce. This ensures the cache clearing operation is serialized, preventing concurrent access and resolving the data race. |
||
|---|---|---|
| .. | ||
| mysql-test/vault | ||
| CMakeLists.txt | ||
| hashicorp_key_management.cnf | ||
| hashicorp_key_management.txt | ||
| hashicorp_key_management_plugin.cc | ||