open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
60434 Commits
38 Branches
662 Tags
732 MiB
Tag: Branch: Tree: 48c37f8544
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '48c37f8544'
${ noResults }
postgres/contrib/pg_tde/documentation/docs/global-key-provider-configu.../vault.md

47 lines
1.4 KiB
Raw Normal View History Unescape

Tde documentation updates for ga (#251) Modified the structure and overall presentation for the users to make it more accessible and future-proof as we improve pg_tde moving forward. Split big chapters into smaller chunks to improve SEO, renamed a couple of files for better visibility online and cleaned a bit of text. Integrated changes from: - https://github.com/percona/postgres/pull/314 - https://github.com/percona/postgres/pull/306 - Commit f636e82
4 months ago
# Vault Configuration
You can configure `pg_tde` to use HashiCorp Vault as a global key provider for managing encryption keys securely.
!!! note
This guide assumes that your Vault server is already set up and accessible. Vault configuration is outside the scope of this document, see [Vault's official documentation](https://developer.hashicorp.com/vault/docs) for more information.
## Example usage
```sql
DOCS-KMIP-updates (#337) initial commit, fixes to code presentation - Updates to kmip with fixes to how we present code (website looks better now!) - Updates set-principal-key with similar fixes - Updated keyring.md with similar fixes And updated functions for two parameters with updates from 1506
4 months ago
SELECT pg_tde_add_global_key_provider_vault_v2(
'provider-name',
'secret_token',
'url',
'mount',
'ca_path'
);
Tde documentation updates for ga (#251) Modified the structure and overall presentation for the users to make it more accessible and future-proof as we improve pg_tde moving forward. Split big chapters into smaller chunks to improve SEO, renamed a couple of files for better visibility online and cleaned a bit of text. Integrated changes from: - https://github.com/percona/postgres/pull/314 - https://github.com/percona/postgres/pull/306 - Commit f636e82
4 months ago
```
## Parameter descriptions
* `provider-name` is the name to identify this key provider
* `secret_token` is an access token with read and write access to the above mount point
* `url` is the URL of the Vault server
* `mount` is the mount point where the keyring should store the keys
* [optional] `ca_path` is the path of the CA file used for SSL verification
The following example is for testing purposes only. Use secure tokens and proper SSL validation in production environments:
```sql
DOCS-KMIP-updates (#337) initial commit, fixes to code presentation - Updates to kmip with fixes to how we present code (website looks better now!) - Updates set-principal-key with similar fixes - Updated keyring.md with similar fixes And updated functions for two parameters with updates from 1506
4 months ago
SELECT pg_tde_add_global_key_provider_vault_v2(
'my-vault',
'hvs.zPuyktykA...example...ewUEnIRVaKoBzs2',
'http://vault.vault.svc.cluster.local:8200',
'secret/data',
NULL
);
Tde documentation updates for ga (#251) Modified the structure and overall presentation for the users to make it more accessible and future-proof as we improve pg_tde moving forward. Split big chapters into smaller chunks to improve SEO, renamed a couple of files for better visibility online and cleaned a bit of text. Integrated changes from: - https://github.com/percona/postgres/pull/314 - https://github.com/percona/postgres/pull/306 - Commit f636e82
4 months ago
```
For more information on related functions, see the link below:
[Percona pg_tde function reference](../functions.md){.md-button}
## Next steps
[Global Principal Key Configuration :material-arrow-right:](set-principal-key.md){.md-button}