Note
For V2.2.50, this parameter is available starting with V2.2.50.
Description
external_kms_info stores some key management information.
Privilege requirements
Query the parameter
The
systenant and all user tenants can use theSHOW PARAMETERSstatement or theGV$OB_PARAMETERSview to query this parameter.Modify the parameter
The
systenant and user tenants can modify this parameter.
Attributes
| Attribute | Description |
|---|---|
| Type | String |
| Default value | "", indicating an empty string. |
| Modifiable | Yes. You can use the ALTER SYSTEM SET statement to modify the parameter. |
| Effective upon OBServer node restart | No. The setting takes effect immediately. |
Considerations
When you use an external KMS, you can configure the external_kms_info parameter to store some key management information. The format is as follows:
{
"KMS_HOST": "TEST_SERVER", // KMS address
"ROOT_CERT": "TEST_CERT", // public key of the certificate
"PRIVATE_KEY": "TEST_PKEY", // private key of the certificate
"PRIVATE_KEY_PHRASE": "TEST_PHRASE", // password of the certificate private key
"SCENE": "HK", // scenario. Valid values: HK, ANT, HK_SM, and ANT_SM.
"KEY_NAME": "TEST_NAME", // key name
"CALLER": "TEST_CALLER" // application name
}
Examples
Create a key named ob_cluster_key in the KMS and configure the external_kms_info parameter.
obclient> ALTER SYSTEM SET external_kms_info = '
{
"KMS_HOST": "kms.ob.com:443",
"ROOT_CERT": "******",
"PRIVATE_KEY": "******",
"PRIVATE_KEY_PHRASE": "ob2025",
"SCENE": "ANT",
"KEY_NAME": "ob_cluster_key",
"CALLER": "oceanbase_admin"
}';