Product Documentation

Database Administrator's Guide

Previous Topic

Next Topic


MASTER_KEY_FILE <filename>

Specifies a file from which c-tree reads the master encryption key. On Linux 2.6 and later kernel systems, c-tree uses the keyutils support to create a user-specific key in which the master key is stored. On other Unix systems, the master key is stored in a file on disk, with permissions set so that only the user that created the file can read it (permissions are set to 400).

The file (or user key on Linux) is encrypted using AES, however, the encryption is intended to only prevent casual inspection of the data when the file's contents are viewed. The permissions on the file are the defense against an unauthorized user reading the file.

The ctcpvf utility's -s option is used to create the master key file.

This configuration option can include an environment variable name that will be substituted with its value when the configuration file is read.

See Also