PG-1656 Add sample outputs for Global Principal Key Configuration commands (#474)

2 months ago · 0ee3f3a341
parent 516129122e
commit 0ee3f3a341
3 changed files with 36 additions and 16 deletions
--- a/contrib/pg_tde/documentation/docs/functions.md
+++ b/contrib/pg_tde/documentation/docs/functions.md
@ -2,6 +2,9 @@

 The `pg_tde` extension provides functions for managing different aspects of its operation:

+!!! note
+    If no error is reported when running the commands below, the operation completed successfully.
+
 ## Key provider management

 A key provider is a system or service responsible for managing encryption keys. `pg_tde` supports the following key providers:
--- a/contrib/pg_tde/documentation/docs/global-key-provider-configuration/set-principal-key.md
+++ b/contrib/pg_tde/documentation/docs/global-key-provider-configuration/set-principal-key.md
@ -4,6 +4,9 @@ You can configure a default principal key using a global key provider. This key

 ## Create a default principal key

+!!! note
+    The sample output below is for demonstration purposes only. Be sure to replace the key name and provider with your actual values.
+
 To create a global principal key, run:

 ```sql
@ -13,6 +16,18 @@ SELECT pg_tde_create_key_using_global_key_provider(
 );
 ```

+??? example "Sample output"
+    ```sql
+        postgres=# SELECT pg_tde_create_key_using_global_key_provider(
+            'keytest1',
+            'file-keyring'
+        );
+        pg_tde_create_key_using_global_key_provider
+        ---------------------------------------------
+
+        (1 row)
+    ```
+
 ## Configure a default principal key

 To configure a global principal key, run:
@ -24,11 +39,26 @@ SELECT pg_tde_set_default_key_using_global_key_provider(
 );
 ```

+??? example "Sample output"
+    ```sql
+        postgres=# SELECT pg_tde_set_default_key_using_global_key_provider(
+            'keytest1',
+            'file-keyring'
+        );
+        pg_tde_set_default_key_using_global_key_provider 
+        --------------------------------------------------
+
+        (1 row)
+    ```
+
 ## Parameter description

 * `key-name` is the name under which the principal key is stored in the provider.
 * `global_vault_provider` is the name of the global key provider you previously configured.

+!!! note
+    If no error is reported, the action completed successfully.
+
 ## How key generation works

 The key material (actual cryptographic key) is auto-generated by `pg_tde` and stored securely by the configured provider.
@ -36,22 +66,6 @@ The key material (actual cryptographic key) is auto-generated by `pg_tde` and st
 !!! note
    This process sets the **default principal key for the entire server**. Any database without a key explicitly configured will fall back to this key.

-## Example
-
-This example is for testing purposes only. Replace the key name and provider name with your values:
-
-```sql
-SELECT pg_tde_create_key_using_global_key_provider(
-    'test-db-master-key',
-    'file-vault'
-);
-
-SELECT pg_tde_set_key_using_global_key_provider(
-    'test-db-master-key',
-    'file-vault'
-);
-```
-
 ## Next steps

 [Validate Encryption with pg_tde :material-arrow-right:](../test.md){.md-button}
--- a/contrib/pg_tde/documentation/docs/how-to/multi-tenant-setup.md
+++ b/contrib/pg_tde/documentation/docs/how-to/multi-tenant-setup.md
@ -8,6 +8,9 @@ For how to enable WAL encryption, refer to the [Configure WAL Encryption :octico

 --8<-- "kms-considerations.md"

+!!! note
+    If no error is reported when running the commands below, the operation completed successfully.
+
 ## Enable extension

 Load the `pg_tde` at startup time. The extension requires additional shared memory; therefore, add the `pg_tde` value for the `shared_preload_libraries` parameter and restart the `postgresql` cluster.