Security

Using Vault to Store the Master Key for Data at Rest Encryption on Percona Server for MongoDB

Percona Server MongoDB Encryption

Since the release of Percona Server MongoDB 3.6.13 (PSMDB), you have been able to use Vault to store the encryption keys for data at rest encryption. Here’s how to set it up.
First, you need to have a Vault server up and running. My colleague, Jericho, has an article on setting up Vault for Percona […]

Read more

What’s the Best Way to Enable (And Test) Encryption at Rest in RDS?

The other day on a call, a client asked me an interesting question.  We were discussing some testing they were doing in Amazon Relational Database Service (RDS).  The question came up “since RDS is managed, how can I prove to my security team that the data is actually encrypted?”  We’ve all read whitepapers and […]

Read more

ProxySQL 2.0.9 Introduces Firewall Whitelist Capabilities

ProxySQL Firewall Whitelist

In this blog, we will test a new security feature added in ProxySQL 2.0.9. Since a time ago, we have had the ability to block queries using mysql_query_rules table matching a group of queries using reg exp like a blacklist. Check out a previous blog for how to config “ProxySQL Firewalling” using the mysql_query_rules […]

Read more

MySQL Encryption: How Master Key Rotation Works

MySQL How Master Key Rotation Works

In the last blog post of this series, we discussed in detail how Master Key encryption works. In this post, based on what we already know about Master Key encryption, we look into how Master Key rotation works.
The idea behind Master Key rotation is that we want to generate a new Master Key and […]

Read more

MongoDB: Why Pay for Enterprise When Open Source Has You Covered?

alternatives to paying a MongoDB

When Percona first published the blog MongoDB Security: Why Pay for Enterprise when Open Source Has You Covered? , I constantly referenced it. Comparing MongoDB Enterprise to Percona Server for MongoDB has become such a common topic for discussion with Percona’s current and future customers that the information contained in that blog is ingrained in my […]

Read more