aws – How MySQL keyring_aws plugin stores the master key securely?

From MySQL internal doc, I am presuming that keys of keyring_aws are stored locally after generation. All the mandatory information like master key needed to decrypt table is configured locally using variable named ‘keyring_aws_cmk_id’.

If Intruder gets disk access then he/she get access to Mysql data directory and the master key stored in mysql conf file. Could be of great help if anyone could share some insights on security.