audit_log_encryption_password_get() does not fetch the current password
General
Escalation
General
Escalation
Description
Environment
None
Activity
Show:
mohit.joshi May 5, 2023 at 7:18 AM
Retested and it works fine now
Done
Details
Details
Assignee
Unassigned
UnassignedReporter
mohit.joshiLabels
Needs QA
Yes
Sprint
None
Priority
MediumSmart Checklist
Open Smart Checklist
Smart Checklist
Open Smart Checklist
Created May 2, 2023 at 2:13 PM
Updated April 2, 2024 at 11:40 AM
Resolved May 5, 2023 at 7:18 AM
While testing audit logs, below test was done.
1. start the server and install audit log plugin 2. shutdown server 3. start server with audit log encryption enabled By default, a random password is used to encrypt the audit logs. This was confirmed by executing mysql> select audit_log_encryption_password_get(); "password":"nHMmzHp3XhKAZifGb49KY3T33lyTvclatzKkG1foizq7aMN9IOTjSzmXcksXCe5yTPimIEQ0587fMMphnAO712eenX1r17pMOO8beQbjbbFppwWS6mb0p6eSTfJMe9" "salt":"2A21C4B3EEF07555","iterations":627565 4. Now, password was changed using select audit_log_encryption_password_set('mohit'); 5. At this point , using audit_log_encryption_password_get() fetches the topmost password from performance_schema.keyring_keys mysql> select audit_log_encryption_password_get(); +--------------------------------------------------------------------+ | audit_log_encryption_password_get() | +--------------------------------------------------------------------+ | {"password":"mohit","salt":"4D700624406F4CD1","iterations":580409} | +--------------------------------------------------------------------+ 1 row in set (0.00 sec) 6. Again, password was changed using select audit_log_encryption_password_set('rohit'); 7. Confirmed using audit_log_encryption_password_get() mysql> select audit_log_encryption_password_get(); +--------------------------------------------------------------------+ | audit_log_encryption_password_get() | +--------------------------------------------------------------------+ | {"password":"rohit","salt":"918B71A8E7577418","iterations":546540} | +--------------------------------------------------------------------+ 1 row in set (0.01 sec) 8. Now, audit log is rotated select audit_log_rotate(); 9. Set a new password using select audit_log_encryption_password_set('percona'); 10. fetching the current password will still show older password 'rohit' mysql> select audit_log_encryption_password_get(); +--------------------------------------------------------------------+ | audit_log_encryption_password_get() | +--------------------------------------------------------------------+ | {"password":"rohit","salt":"918B71A8E7577418","iterations":546540} | +--------------------------------------------------------------------+