[MDEV-8808] Encryption of extra password available as machine administrator Created: 2015-09-17  Updated: 2017-05-30  Resolved: 2017-05-30

Status: Closed
Project: MariaDB Server
Component/s: OTHER
Fix Version/s: N/A

Type: Task Priority: Minor
Reporter: VAROQUI Stephane Assignee: VAROQUI Stephane
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-10055 Hash replication password in master.info Closed

Description

Additional features to ensure that a system administrator can't log in to the database and grant access to secured data, bypassing the audit plugin.

1 - A malicious script that exports data via usurpation of the backup user
2 - A malicious script that exports data via usurpation of the replication user
3 - A malicious user that changes the configuration file and restarts without the grant option
4 - A malicious user that replaces system tables with its own ones
5 - A malicious user that has access to the backup directory

1 - For backups and various DBA scripts we introduce an exec command and define events like CREATE ENCRYPTED EVENT ... EXEC("mysqldump -ubackup -ptoto ...."); we can ensure like this that the command containing my precious database password is secured. Such an event will be stored in an encrypted tablespace using an extra event_crypt system table. To not expose the password to the ps command, the backup user is extended with a 2-step authentication negotiated by the server itself and replaced in the exposed command.

2 - For replication we can store an additional key in master.info and multi_master.info that encrypts the password in the file. An empty key would define a not-yet-encrypted password.

3 - Store and fetch the configuration from the remote key management plugin.

4a - Encrypt the system user table at startup after privileges are loaded in memory and store the key in a file for decrypting at the next startup.
flush privileges and any grant command would decrypt the entire MyISAM table.
4b - Encrypt the user or password, with the key stored along the user record in an extra column; every login should first decrypt the credential to pass authentication.

5 - Dumps can produce encrypted results by adding an extra command like /* 100108 */ set @@key=xxx; before every following multi-row insert command encrypted with the key.

Comments
Comment by Daniel Black [ 2015-10-31 ]

alternative - use unix_socket auth for the backup user. Then there are no passwords. grant all on *.* to mysql@localhost identified via unix_socket. When this is the case only the mysql user can connect. I'm assuming you have some access control to prevent EXEC from non-priv users.
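The concern in item 1 of the description is that a password passed as `-ptoto` on the mysqldump command line is visible to anyone who can run `ps`. The following is an added illustration, not part of the ticket or of MariaDB's own code, of the conventional mitigation a defender can apply today without new server features: the credential is placed in a [client] option file that only the invoking OS user can read, and mysqldump is started with `--defaults-extra-file` so that no password token appears in the process list, shell history or an event body. The account name "backup", the database name and the secret value are constructed placeholders.

```shell
# Added example (not from the MariaDB ticket). Keeps the backup password out of
# `ps` output by feeding mysqldump an option file instead of -p on the command line.
set -eu

# Write a [client] option file readable only by the invoking user.
# Arguments: path, user, password. The umask is set in a subshell so the
# calling shell's umask is unchanged; chmod covers a pre-existing file.
write_client_cnf() {
    path=$1; user=$2; password=$3
    ( umask 077; printf '[client]\nuser=%s\npassword=%s\n' "$user" "$password" > "$path" )
    chmod 600 "$path"
}

# Print the octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Build the mysqldump invocation. Only the option-file path is on the command
# line, so the secret never reaches `ps`, history or the scheduled-event text.
# --defaults-extra-file must be the first option for the mysql client tools.
dump_cmd() {
    cnf=$1; db=$2
    printf 'mysqldump --defaults-extra-file=%s --single-transaction %s' "$cnf" "$db"
}

# Usage (constructed values): write the file, then run the command it produces.
# write_client_cnf "$HOME/.backup.cnf" backup 'constructed-secret'
# sh -c "$(dump_cmd "$HOME/.backup.cnf" mydb) > /var/backups/mydb.sql"
```

The same invocation also works with the unix_socket alternative from the comment above: with `identified via unix_socket` the option file carries no password at all, and the job simply has to run as the OS user the account is bound to.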

Generated at Thu Feb 08 07:29:57 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.