
CREATE CLIENT MASTER KEY

Function

CREATE CLIENT MASTER KEY creates a client master key (CMK).

Precautions

When connecting to the database with gsql, add the -C option to enable the encrypted database function.

Before creating a CMK, use KeyTool (gs_ktool) to generate a key.

Syntax

CREATE CLIENT MASTER KEY client_master_key_name WITH '(' master_key_params ')';

master_key_params:

KEY_STORE '=' key_store_value ',' KEY_PATH '=' key_path_value ',' ALGORITHM '=' algorithm_value

Parameter Description

  • client_master_key_name

    Name of the CMK. It must be unique within its namespace.

    Value range: a string. It must comply with the naming convention.

  • master_key_params

    Parameters involved in creating a CMK, including:

    • KEY_STORE: Currently, the value is gs_ktool.
    • KEY_PATH: The value is the ID of the key generated by KeyTool, for example, gs_ktool/1.
    • ALGORITHM: An algorithm used to encrypt the column encryption key. Currently, only AES_256_CBC is supported.

Examples

-- Create the dev_ce user.
mogdb=# CREATE USER dev_ce PASSWORD 'dev@1234';
-- Connect to an encrypted database.
gsql -p 57101 mogdb -U dev_ce -r -C
gsql ((MogDB Kernel 1.1.0 build 5be05d82) compiled at 2020-11-24 20:03:57 commit 1093 last mr 1793 debug)
Non-SSL connection (SSL connection is recommended when requiring high-security)
Type "help" for help.

mogdb=>
-- Use KeyTool to create a key.
mogdb=> \! gs_ktool -g
-- Create a CMK.
mogdb=> CREATE CLIENT MASTER KEY ImgCMK WITH ( KEY_STORE = gs_ktool , KEY_PATH = "gs_ktool/1" , ALGORITHM = AES_256_CBC);