Prerequisites
To use the Securosys MariaDB encryption plugin, you need:
- A Securosys Primus HSM or CloudHSM
- A Transaction Security Broker (TSB) instance (to provide the REST API)
- A server to run MariaDB on
Because the plugin uses the REST API to communicate with the HSM,
the REST_API license is required.
If you have a TSB license, the REST API license is already included.
You also need an instance of the TSB running somewhere. In CloudHSM, Securosys manages a TSB for you, and you can select it as an option in your service package. For on-premise Primus HSMs you can host the TSB yourself.
Version Overview
The following table shows the recent MariaDB LTS versions and in which Debian and Ubuntu versions they are included:
| MariaDB | Debian | Ubuntu |
|---|---|---|
| 10.11 | 12 (Bookworm) | 24.04 (Noble) |
| 11.8 | 13 (Trixie) | 25.10 (Questing) |
Compatibility
This installation guide was testing with:
- Debian 12
- MariaDB 10.11 with InnoDB
Using Docker
If you are running MariaDB in a Docker container, you will need to apply the steps outlined in this installation guide to your Docker container. This involves 1) building a Docker image that installs the Securosys plugin and its dependencies and 2) adding the required configuration files, either in the image or as file mounts. For more details, see this blog post.