diff --git a/contrib/pg_tde/documentation/docs/functions.md b/contrib/pg_tde/documentation/docs/functions.md index b5c51ec07cd..73f2da208fa 100644 --- a/contrib/pg_tde/documentation/docs/functions.md +++ b/contrib/pg_tde/documentation/docs/functions.md @@ -2,6 +2,9 @@ The `pg_tde` extension provides functions for managing different aspects of its operation: +!!! note + If no error is reported when running the commands below, the operation completed successfully. + ## Key provider management A key provider is a system or service responsible for managing encryption keys. `pg_tde` supports the following key providers: diff --git a/contrib/pg_tde/documentation/docs/global-key-provider-configuration/set-principal-key.md b/contrib/pg_tde/documentation/docs/global-key-provider-configuration/set-principal-key.md index 8bee0e15ca0..1d4e55788d5 100644 --- a/contrib/pg_tde/documentation/docs/global-key-provider-configuration/set-principal-key.md +++ b/contrib/pg_tde/documentation/docs/global-key-provider-configuration/set-principal-key.md @@ -4,6 +4,9 @@ You can configure a default principal key using a global key provider. This key ## Create a default principal key +!!! note + The sample output below is for demonstration purposes only. Be sure to replace the key name and provider with your actual values. + To create a global principal key, run: ```sql @@ -13,6 +16,18 @@ SELECT pg_tde_create_key_using_global_key_provider( ); ``` +??? example "Sample output" + ```sql + postgres=# SELECT pg_tde_create_key_using_global_key_provider( + 'keytest1', + 'file-keyring' + ); + pg_tde_create_key_using_global_key_provider + --------------------------------------------- + + (1 row) + ``` + ## Configure a default principal key To configure a global principal key, run: 
@@ -24,11 +39,26 @@ SELECT pg_tde_set_default_key_using_global_key_provider( ); ``` +??? example "Sample output" + ```sql + postgres=# SELECT pg_tde_set_default_key_using_global_key_provider( + 'keytest1', + 'file-keyring' + ); + pg_tde_set_default_key_using_global_key_provider + -------------------------------------------------- + + (1 row) + ``` + ## Parameter description * `key-name` is the name under which the principal key is stored in the provider. * `global_vault_provider` is the name of the global key provider you previously configured. +!!! note + If no error is reported, the action completed successfully. + ## How key generation works The key material (actual cryptographic key) is auto-generated by `pg_tde` and stored securely by the configured provider. @@ -36,22 +66,6 @@ The key material (actual cryptographic key) is auto-generated by `pg_tde` and st !!! note This process sets the **default principal key for the entire server**. Any database without a key explicitly configured will fall back to this key. -## Example - -This example is for testing purposes only. Replace the key name and provider name with your values: - -```sql -SELECT pg_tde_create_key_using_global_key_provider( - 'test-db-master-key', - 'file-vault' -); - -SELECT pg_tde_set_key_using_global_key_provider( - 'test-db-master-key', - 'file-vault' -); -``` - ## Next steps [Validate Encryption with pg_tde :material-arrow-right:](../test.md){.md-button} diff --git a/contrib/pg_tde/documentation/docs/how-to/multi-tenant-setup.md b/contrib/pg_tde/documentation/docs/how-to/multi-tenant-setup.md index c20a8f64073..92bc892285a 100644 --- a/contrib/pg_tde/documentation/docs/how-to/multi-tenant-setup.md +++ b/contrib/pg_tde/documentation/docs/how-to/multi-tenant-setup.md 
@@ -8,6 +8,9 @@ For how to enable WAL encryption, refer to the [Configure WAL Encryption :octico --8<-- "kms-considerations.md" +!!! note + If no error is reported when running the commands below, the operation completed successfully. + ## Enable extension Load the `pg_tde` at startup time. The extension requires additional shared memory; therefore, add the `pg_tde` value for the `shared_preload_libraries` parameter and restart the `postgresql` cluster.
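Review bot: In functions.md (hunk @@ -2,6 +2,9 @@), the new note says "the commands below" on a page whose intro sentence calls them functions; use "functions" so the wording matches. The admonition also lands directly after an intro sentence that ends in a colon, separating it from the "## Key provider management" heading it leads into. Consider placing the note above that sentence.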
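Review bot: In set-principal-key.md (hunk @@ -4,6 +4,9 @@), the note under "## Create a default principal key" refers to "the sample output below" before the reader has reached the command, and its second sentence (replace the key name and provider) is advice about the command's arguments, not about the output. Suggest rewording it around the example values, for instance "The key name and provider used below are examples; replace them with your actual values."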
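Review bot: The "Sample output" block added in hunk @@ -13,6 +16,18 @@ is fenced as `sql`, but its content is a psql session transcript (the `postgres=#` prompt, the column header, the dashed rule and `(1 row)`), so SQL highlighting will be applied to lines that are not SQL. A plain or `text` fence would render it as output; the same applies to the second sample block added in the next hunk. It would also help to say in one line that the empty result row is expected, since the note explaining it only appears later under "## Parameter description".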
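Review bot: In hunk @@ -24,11 +39,26 @@, the note appended to "## Parameter description" ("If no error is reported, the action completed successfully.") explains the empty result shown in the sample outputs, not the parameters, so it reads out of place after the bullet list. Move it next to the sample output blocks. The wording also differs from the other two files in this patch, which say "the operation completed successfully"; pick one term.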
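Review bot: With "## Example" removed in hunk @@ -36,22 +66,6 @@, the values 'test-db-master-key' and 'file-vault' disappear while the new sample outputs use 'keytest1' and 'file-keyring'. The arguments of the command blocks above each sample output are outside the visible context, so please confirm they use the same names as the output that follows them. The removed example called `pg_tde_set_key_using_global_key_provider` whereas the page's own section uses `pg_tde_set_default_key_using_global_key_provider`; the commit message could state that the removal resolves that mismatch.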
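Review bot: In multi-tenant-setup.md (hunk @@ -8,6 +8,9 @@), this is the third hand-written copy of the "If no error is reported ..." note in the patch, and the line directly above it already uses a snippet include (`--8<-- "kms-considerations.md"`); putting the note in a shared snippet would keep the three pages in sync. Also, the first step "below" on this page is editing `shared_preload_libraries` and restarting the cluster, where "no error is reported" is not a reliable success signal, so place the note before the first SQL function call or scope it to "the SQL functions below".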