What's the best method to use / store encryption keys in MySQL

Question

I plan on using MySQL and it\'s built-in encryption functionality to encrypt / decrypt certain columns in certain tables. The concern I have is that I need to store the key

Answer 1

It seems that you are considering the use of a 'column-specific' key to use with 'AES_ENCRYPT' and 'AES_DECRYPT'. As the commenter said, this is a bad idea, because any intrusion will have access to all the data.

If you use a 'user-supplied' password, with/without a salt, you are being much more secure.

That said, if the encryption key is only readable by the application using it, you are probably 'good enough'. If the machine is broken into, they're going to get your data faster with a single key though.