MySQL Governance

This issue will focus on governance, privacy and security of MySQL production databases.

This is the first news letter of DbAdmin.news! Thanks for taking the time to read the newsletter. The news letter will focus on technology solutions for data governance, privacy and security.

The data technology and government regulations landscape are changing independently and very fast. This is forcing data teams to come up with new solutions for data governance, privacy and security. The news letter is my attempt to keep up to date. Hopefully you’ll find it useful as well.


A common governance problem is to audit and manage human access to production databases. In this blog, Hootsuite built a MySQL Bastion that manages temporary credentials and logs activity for MySQL production databases.

https://medium.com/hootsuite-engineering/mysql-bastion-streamlined-db-access-with-proxysql-vault-and-ad-aa79877247b4

Another common requirement is data masking. In this talk, ProxySQL is used to provide basic data masking using regular expression. This approach is a good starting point to check if your company is ready for data masking. However at scale a more robust and automated method built on metadata is required.

https://archive.fosdem.org/2017/schedule/event/proxysqldatamasking/

The last one is feature request. A major issue in security operations is to provide database passwords to applications and users. There are multiple approaches involving a “database of secrets” and scripts to write passwords to configuration files. However all of them are susceptible to bugs and human error as well as insider threats. A new approach is to not require passwords at all. AWS has introduced IAM authentication that allows access based on the role of an application or user.

AWS IAM support was recently merged into Mariadb allowing headless processes and developers to log into Mariadb without requiring passwords.

https://jira.mariadb.org/browse/CONJ-695


Thanks for reading the first issue of DbAdmin.News. If you have any feedback or interesting articles for this newsletter, get in touch by sending an email to info@dbadmin.news or message on twitter at @dbad1minnews.

Register for the newsletter OR follow us on twitter @dbad1minnews