Georgi Kodinov - Oracle MySQL - MySQL Track Room - Percona Live 2021
MySQL configuration has traditionally been done via system variables with values coming from either command line, config files or SET commands. This can be a security issue since it doesn’t support a trust model rooted in some well known trusted state that cannot be modified by less trusted actors.
This is what the manifest le security model is aiming at solving. It roots server security into a well known and trusted source (the server’s OS le permissions) and builds on top of it to allow secure configuration of components.
In this talk we will review how manifest files work and also check some of the early adopter components of the new secure configuration model. ∎