CREATE CLIENT MASTER KEY
Description
The encrypted equality query feature adopts a multi-level encryption model. The master key encrypts the column key, and the column key encrypts data. This syntax is used to create a master key object.
Precautions
- This syntax is specific to a fully-encrypted database.
- When connecting to the database, you need to enable the connection parameters of the encrypted equality query feature on the database driver side before running this syntax.
- The master key is provided by an external key manager. This syntax processes only information such as the key source and key ID. The following external key managers are supported:
  - Huawei Cloud KMS (huawei_kms)
- Before using this syntax, set environment variables for the external key manager on the database driver side. For details, see section "Setting Encrypted Equality Query" in Feature Guide.
Syntax
CREATE CLIENT MASTER KEY client_master_key_name WITH (KEY_STORE = key_store_name, KEY_PATH = "key_path_value", ALGORITHM = algorithm_type);
Parameters
- client_master_key_name
This parameter is used as the name of a key object. In the same namespace, the value of this parameter must be unique.
Value range: a string. It must comply with the naming convention.
- KEY_STORE
External key manager. For details about the value, see Table 1.
- KEY_PATH
Each key is managed by an external key manager and the key path format varies depending on the key manager. The value is a character string. For details, see Table 1. A character string is enclosed in single or double quotation marks. If the length of a character string exceeds 64 characters, only single quotation marks can be used.
- ALGORITHM
Encryption algorithm used by the key. For details about the value, see Table 1.
Table 1 Parameter values for different key managers
| KEY_STORE | KEY_PATH | ALGORITHM |
| --- | --- | --- |
| huawei_kms | Format: '{KmsApiUrl}/{Key ID}'; Reference: 'https://kms.{Project}.myhuaweicloud.com/v1.0/{Project ID}/kms/{Key ID}'; Example: 'https://kms.cn-north-4.myhuaweicloud.com/v1.0/00000000000000000000000000000000/kms/00000000-0000-0000-0000-000000000000' | AES_256 |
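The following is an added example, not part of the original documentation or of GaussDB itself: a pre-flight check that validates a huawei_kms KEY_PATH against the format in Table 1 and renders the statement with single quotation marks, as required for values longer than 64 characters. The function names, the 32-hex-digit project ID and UUID key ID shapes (inferred from the Example row), and the identifier pattern for the key name are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: shapes inferred from the Reference and Example rows of Table 1.
HOST_RE = re.compile(r"kms\.[a-z0-9-]+\.myhuaweicloud\.com")
PATH_RE = re.compile(
    r"/v1\.0/[0-9a-f]{32}/kms/"
    r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}")
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # assumption: plain identifier


def check_key_path(key_path):
    """Return a list of problems with a huawei_kms KEY_PATH (empty if none)."""
    try:
        url = urlsplit(key_path)
    except ValueError:
        return ["not a parseable URL"]
    problems = []
    if url.scheme != "https":
        problems.append("scheme must be https")
    if not HOST_RE.fullmatch(url.netloc):  # also rejects userinfo and ports
        problems.append("host is not kms.{Project}.myhuaweicloud.com")
    if not PATH_RE.fullmatch(url.path):
        problems.append("path is not /v1.0/{Project ID}/kms/{Key ID}")
    if url.query or url.fragment or url.geturl() != key_path:
        problems.append("unexpected query, fragment or stray characters")
    return problems


def render_create_cmk(name, key_path):
    """Build the CREATE CLIENT MASTER KEY statement for huawei_kms / AES_256."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("key name is not a plain identifier")
    problems = check_key_path(key_path)
    if problems:
        raise ValueError("; ".join(problems))
    # Single quotes always: values over 64 characters may not use double quotes.
    return ("CREATE CLIENT MASTER KEY %s WITH (KEY_STORE = huawei_kms, "
            "KEY_PATH = '%s', ALGORITHM = AES_256);" % (name, key_path))


# Constructed samples: the placeholder URL from Table 1 and two bad variants.
GOOD = ("https://kms.cn-north-4.myhuaweicloud.com/v1.0/"
        "00000000000000000000000000000000/kms/00000000-0000-0000-0000-000000000000")
BAD_SCHEME = GOOD.replace("https://", "http://")
BAD_HOST = GOOD.replace("myhuaweicloud.com", "myhuaweicloud.com.example.net")

if __name__ == "__main__":
    print(render_create_cmk("cmk1", GOOD))
```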
Example (Using gsql to Connect to the Database Server)
Before using this syntax, you need to enable KMS and configure parameters for accessing KMS. For details, see "Setting Encrypted Equality Queries" in Feature Guide.