open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
235 Commits
38 Branches
662 Tags
732 MiB
Tag: Branch: Tree: bf936b0a10
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bf936b0a10'
${ noResults }
postgres/documentation/docs/test.md

35 lines
1.1 KiB
Raw Normal View History Unescape

Docs (#78) * Docs * Created doc site * Added GH action * Added GH action * Added uninstall doc. Added TDE workflow * Changed docs after review Added flow diagram Added contributing doc * Updated contributions, changed Known limitations * Added running tests section to Contributing modified: documentation/docs/contribute.md * Added Future releases section
2 years ago
# Test Transparent Data Encryption
To check if the data is encrypted, do the following:
Renamed access methods again
1 year ago
1. Create a table in the database for which you have [enabled `pg_tde`](setup.md). Enabling `pg_tde` extension creates the table access method `tde_heap_basic`. To enable data encryption, create the table using this access method as follows:
Added a note about table access methods (#93) Changed GH action to trigger only t=on changes to docs folder modified: .github/workflows/doc-build.yaml modified: documentation/docs/setup.md modified: documentation/docs/test.md
2 years ago
```sql
Renamed access methods again
1 year ago
CREATE TABLE <table_name> (<field> <datatype>) USING tde_heap_basic;
Added a note about table access methods (#93) Changed GH action to trigger only t=on changes to docs folder modified: .github/workflows/doc-build.yaml modified: documentation/docs/setup.md modified: documentation/docs/test.md
2 years ago
```
!!! hint
Renamed access methods again
1 year ago
You can enable data encryption by default by setting the `default_table_access_method` to `tde_heap_basic`:
Added a note about table access methods (#93) Changed GH action to trigger only t=on changes to docs folder modified: .github/workflows/doc-build.yaml modified: documentation/docs/setup.md modified: documentation/docs/test.md
2 years ago
```sql
Renamed access methods again
1 year ago
SET default_table_access_method = tde_heap_basic;
Added a note about table access methods (#93) Changed GH action to trigger only t=on changes to docs folder modified: .github/workflows/doc-build.yaml modified: documentation/docs/setup.md modified: documentation/docs/test.md
2 years ago
```
Docs (#78) * Docs * Created doc site * Added GH action * Added GH action * Added uninstall doc. Added TDE workflow * Changed docs after review Added flow diagram Added contributing doc * Updated contributions, changed Known limitations * Added running tests section to Contributing modified: documentation/docs/contribute.md * Added Future releases section
2 years ago
2. Run the following function:
```sql
Documentation update (#149) * Updating documentation with configuration changes * Minor updates to improve readability * Added link to test.md for setup doc * Added documentation about key rotation and remote parameters --------- Co-authored-by: Anastasia Alexadrova <anastasia.alexandrova@percona.com>
1 year ago
SELECT pg_tde_is_encrypted('table_name');
Docs (#78) * Docs * Created doc site * Added GH action * Added GH action * Added uninstall doc. Added TDE workflow * Changed docs after review Added flow diagram Added contributing doc * Updated contributions, changed Known limitations * Added running tests section to Contributing modified: documentation/docs/contribute.md * Added Future releases section
2 years ago
```
Documentation update (#149) * Updating documentation with configuration changes * Minor updates to improve readability * Added link to test.md for setup doc * Added documentation about key rotation and remote parameters --------- Co-authored-by: Anastasia Alexadrova <anastasia.alexandrova@percona.com>
1 year ago
The function returns `t` if the table is encrypted and `f` - if not.
Renamed master key to principal key (#228) This commit contains lots of changes, but it's just a repeated execution of find <...> -exec sed <...>, so everything should work as before.
1 year ago
3. Rotate the principal key when needed:
Documentation update (#149) * Updating documentation with configuration changes * Minor updates to improve readability * Added link to test.md for setup doc * Added documentation about key rotation and remote parameters --------- Co-authored-by: Anastasia Alexadrova <anastasia.alexandrova@percona.com>
1 year ago
```sql
WAL keyring improvements (#238) - Rename database key rotation functions to make room for the global space ones. - Now, during the first start, we would create a default temporary key provider for the global space. A user can (and should) create their own key provider afterwards. This allows use the same codepath and internal interfaces for the keyring management across databases and the global space. - Now need to cache the principal key for the global space as we use it only at the server start to decrypt internal key. Then internal key persists in the memory cache. Fixes https://perconadev.atlassian.net/browse/PG-835, https://perconadev.atlassian.net/browse/PG-833
1 year ago
SELECT pg_tde_rotate_principal_key(); -- uses automatic key versionin
Documentation update (#149) * Updating documentation with configuration changes * Minor updates to improve readability * Added link to test.md for setup doc * Added documentation about key rotation and remote parameters --------- Co-authored-by: Anastasia Alexadrova <anastasia.alexandrova@percona.com>
1 year ago
-- or
WAL keyring improvements (#238) - Rename database key rotation functions to make room for the global space ones. - Now, during the first start, we would create a default temporary key provider for the global space. A user can (and should) create their own key provider afterwards. This allows use the same codepath and internal interfaces for the keyring management across databases and the global space. - Now need to cache the principal key for the global space as we use it only at the server start to decrypt internal key. Then internal key persists in the memory cache. Fixes https://perconadev.atlassian.net/browse/PG-835, https://perconadev.atlassian.net/browse/PG-833
1 year ago
SELECT pg_tde_rotate_principal_key('new-principal-key', NULL); -- specify new key name
Documentation update (#149) * Updating documentation with configuration changes * Minor updates to improve readability * Added link to test.md for setup doc * Added documentation about key rotation and remote parameters --------- Co-authored-by: Anastasia Alexadrova <anastasia.alexandrova@percona.com>
1 year ago
-- or
WAL keyring improvements (#238) - Rename database key rotation functions to make room for the global space ones. - Now, during the first start, we would create a default temporary key provider for the global space. A user can (and should) create their own key provider afterwards. This allows use the same codepath and internal interfaces for the keyring management across databases and the global space. - Now need to cache the principal key for the global space as we use it only at the server start to decrypt internal key. Then internal key persists in the memory cache. Fixes https://perconadev.atlassian.net/browse/PG-835, https://perconadev.atlassian.net/browse/PG-833
1 year ago
SELECT pg_tde_rotate_principal_key('new-principal-key', 'new-provider'); -- change provider
Documentation update (#149) * Updating documentation with configuration changes * Minor updates to improve readability * Added link to test.md for setup doc * Added documentation about key rotation and remote parameters --------- Co-authored-by: Anastasia Alexadrova <anastasia.alexandrova@percona.com>
1 year ago
```