Note
This parameter is available starting with V2.2.50.
Description
external_kms_info stores some key management information.
Privilege requirements
Query the parameter
The sys tenant and all user tenants can use the SHOW PARAMETERS statement or the GV$OB_PARAMETERS view to query this parameter.
Modify the parameter
The sys tenant and user tenants can modify this parameter.
Attributes
| Attribute | Description |
|---|---|
| Type | String |
| Default value | "", which indicates an empty string |
| Modifiable | Yes. You can use the ALTER SYSTEM SET statement to modify the parameter. |
| Effective upon OBServer node restart | No. The setting takes effect immediately. |
Considerations
When you use an external key management service (KMS), you can configure the external_kms_info parameter to store some key management information. The format is as follows:
{
"KMS_HOST": "TEST_SERVER", // KMS address
"ROOT_CERT": "TEST_CERT", // Public key of the certificate
"PRIVATE_KEY": "TEST_PKEY", // Private key of the certificate
"PRIVATE_KEY_PHRASE": "TEST_PHRASE", // Password of the certificate private key
"SCENE": "HK", // Scene. Valid values: HK, ANT, HK_SM, and ANT_SM.
"KEY_NAME": "TEST_NAME", // Key name
"CALLER": "TEST_CALLER" // Application name
}
Examples
Create a key named ob_cluster_key in the KMS and configure the external_kms_info parameter.
obclient> ALTER SYSTEM SET external_kms_info = '
{
"KMS_HOST": "kms.ob.com:443",
"ROOT_CERT": "******",
"PRIVATE_KEY": "******",
"PRIVATE_KEY_PHRASE": "ob2025",
"SCENE": "ANT",
"KEY_NAME": "ob_cluster_key",
"CALLER": "oceanbase_admin"
}';
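An added example, not part of the OceanBase documentation: a Python pre-check that validates a candidate external_kms_info value against the format in Considerations (parsed as strict JSON, as in the statement above) and produces a masked copy for logs or change tickets. It assumes that all seven keys are required non-empty strings and that PRIVATE_KEY and PRIVATE_KEY_PHRASE are the fields to mask; the function names and the sample value are constructed for illustration.

```python
import json

# Keys and SCENE values as listed in the format on this page.
KEYS = ("KMS_HOST", "ROOT_CERT", "PRIVATE_KEY", "PRIVATE_KEY_PHRASE",
        "SCENE", "KEY_NAME", "CALLER")
SCENES = ("HK", "ANT", "HK_SM", "ANT_SM")
# Assumption: these are the fields to keep out of logs and tickets.
SECRET_KEYS = ("PRIVATE_KEY", "PRIVATE_KEY_PHRASE")

# Constructed sample value; every field is a placeholder.
SAMPLE = json.dumps({
    "KMS_HOST": "kms.example.test:443", "ROOT_CERT": "PLACEHOLDER_CERT",
    "PRIVATE_KEY": "PLACEHOLDER_PKEY", "PRIVATE_KEY_PHRASE": "PLACEHOLDER_PHRASE",
    "SCENE": "ANT", "KEY_NAME": "ob_cluster_key", "CALLER": "oceanbase_admin"})


def check_kms_info(text):
    """Return a list of problems found in a candidate external_kms_info value."""
    try:
        info = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(info, dict):
        return ["top level must be a JSON object"]
    problems = []
    for key in KEYS:
        # Assumption: every listed key is required and is a non-empty string.
        if not isinstance(info.get(key), str) or not info[key]:
            problems.append(f"{key}: missing or not a non-empty string")
    for key in sorted(set(info) - set(KEYS)):
        problems.append(f"{key}: not a listed key")
    scene = info.get("SCENE")
    if isinstance(scene, str) and scene and scene not in SCENES:
        problems.append(f"SCENE: {scene!r} is not one of {', '.join(SCENES)}")
    return problems


def redact(text):
    """Return the value with secret fields masked, for logs or change tickets."""
    info = json.loads(text)
    return json.dumps({k: "******" if k in SECRET_KEYS else v
                       for k, v in info.items()})


if __name__ == "__main__":
    print(check_kms_info(SAMPLE))
    print(check_kms_info(SAMPLE.replace('"ANT"', '"US"')))
    print(redact(SAMPLE))
```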