Note
For V2.2.50, this parameter is available starting with V2.2.50.
Description
external_kms_info stores some key management information.
Privilege requirements
Query the parameter
systenants and all user tenants can use theSHOW PARAMETERSstatement or theGV$OB_PARAMETERSview to query this parameter.Modify the parameter
systenants and user tenants can modify this parameter.
Attributes
| Attribute | Description |
|---|---|
| Type | String |
| Default value | "", which indicates an empty string. |
| Modifiable | Yes. You can use the ALTER SYSTEM SET statement to modify the parameter. |
| Effective upon OBServer node restart | No. The setting takes effect immediately. |
Considerations
When you use an external KMS, you can configure the external_kms_info parameter to store some key management information. The format of the parameter is as follows:
{
"KMS_HOST": "TEST_SERVER", // KMS address
"ROOT_CERT": "TEST_CERT", // certificate public key
"PRIVATE_KEY": "TEST_PKEY", // certificate private key
"PRIVATE_KEY_PHRASE": "TEST_PHRASE", // certificate private key password
"SCENE": "HK", // scenario. Valid values: HK, ANT, HK_SM, and ANT_SM
"KEY_NAME": "TEST_NAME", // key name
"CALLER": "TEST_CALLER" // application name
}
Examples
Create a key named ob_cluster_key in the KMS and configure the external_kms_info parameter.
obclient> ALTER SYSTEM SET external_kms_info = '
{
"KMS_HOST": "kms.ob.com:443",
"ROOT_CERT": "******",
"PRIVATE_KEY": "******",
"PRIVATE_KEY_PHRASE": "ob2025",
"SCENE": "ANT",
"KEY_NAME": "ob_cluster_key",
"CALLER": "oceanbase_admin"
}';