Percona8.0.17的数据屏蔽插件的使用

MySQL企业版里面的数据屏蔽的功能，在Percona 8.0.17里面被开源实现了。

具体可以参考下面3篇文档：

https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/data-masking-installation.html

https://www.percona.com/doc/percona-server/LATEST/security/data-masking.html、

https://www.percona.com/blog/2020/01/06/data-masking-in-percona-server-for-mysql-to-protect-sensitive-data/

我们这里演示方便起见，用dbdeployer来部署：

dbdeployer unpack --prefix=ps Percona-Server-8.0.18-9-Linux.x86_64.ssl101.tar.gzdbdeployer deploy single ps8.0.18 --bind-address='0.0.0.0' --gtid --init-general-log --enable-genera-log --disable-mysqlx --force

cd /sandboxes/msb_ps8_0_18/

cat my.sandbox.cnf 修改下 client段的user为root（默认dbdeployer部署的是低权限账号）

[client]user = root

# 安装data_masking 插件

./use  登录进mysql控制台mysql [localhost:8018] {root} (test) > INSTALL PLUGIN data_masking SONAME 'data_masking.so';Query OK, 0 rows affected (0.02 sec)

# 演示数据屏障功能

mysql [localhost:8018] {root} (test) > SELECT mask_outer('This is a string', 5, 1);   # 前5个和最后1个字符，用掩码替代+--------------------------------------+| mask_outer('This is a string', 5, 1) |+--------------------------------------+| XXXXXis a strinX         |+--------------------------------------+1 row in set (0.00 sec)mysql [localhost:8018] {root} (test) > SELECT mask_pan_relaxed(gen_rnd_pan()); +---------------------------------+| mask_pan_relaxed(gen_rnd_pan()) |+---------------------------------+| 545151XXXXXX1753       |+---------------------------------+1 row in set (0.00 sec)

具体还有很多，参考上面的3个连接即可。。