As a company that provides financial services, Square deals with sensitive data on a daily basis, and strong database access control is a core requirement. Managing database credentials manually for 1500+ users across 2000+ clusters is extremely tedious and error-prone. Square therefore developed Lionheart, a microservice that automates much of this work and removes the need for DBAs to manually grant database access to users. Lionheart is responsible for creating and auditing user access. It automatically rotates users, certificates, and grants for both applications and developers every several days. In this talk, we will discuss how to keep your MySQL databases secure, including the importance of using TLS encryption and how we leveraged several other open-source tools to make this management easier. We'll also cover the gotchas we ran into, along with some tips to help you manage your MySQL user access.
Brian Ip is a software engineer on the Online Data Storage team at Square. He spends his time writing tools to help manage the MySQL and Redis fleet.
Samantha Ong is a software engineer at Square on the Online Data Storage team, and spends most of her time working with Square's MySQL fleet.