CREATE CLIENT MASTER KEY

Description

The encrypted equality query feature adopts a multi-level encryption model. The master key encrypts the column key, and the column key encrypts data. This syntax is used to create a master key object.

Precautions

• This syntax is specific to a fully-encrypted database.

Syntax

CREATE CLIENT MASTER KEY client_master_key_name WITH (KEY_STORE = key_store_name, KEY_PATH = "key_path_value", ALGORITHM = algorithm_type)

Parameters

• client_master_key_name

  This parameter is used as the name of a key object. In the same namespace, the value of this parameter must be unique.

  Value range: a string. It must comply with the naming convention.

• KEY_STORE

  External key manager. For details about the value, see Table 1.

• KEY_PATH

  Each key is managed by an external key manager and the key path format varies depending on the key manager. The value is a character string. For details, see Table 1. A character string is enclosed in single or double quotation marks. If the length of a character string exceeds 64 characters, only single quotation marks can be used.

• ALGORITHM

  Encryption algorithm used by the key. For details about the value, see Table 1.

  Table 1 Parameter values for different key managers

  KEY_STORE	KEY_PATH	ALGORITHM
  huawei_kms	Format: '{KmsApiUrl}/{Key ID}' Reference: 'https://kms.{Project}.myhuaweicloud.com/v1.0/{Project ID}/kms/{Key ID}' Example: 'https://kms.cn-north-4.myhuaweicloud.com/v1.0/00000000000000000000000000000000/kms/00000000-0000-0000-0000-000000000000'	AES_256