From af3d683e3fa54c72dc65ca86f879043d3eba202a Mon Sep 17 00:00:00 2001 From: Anastasia Alexandrova Date: Mon, 1 Apr 2024 13:21:31 +0200 Subject: [PATCH] Tech-preview-release-notes (#146) * Tech-preview-release-notes * Unified release notes page for MVP and TP * Changed version naming from TP to Alpha 1 * Fixed punctuation issues --- .github/workflows/doc-build.yaml | 2 +- documentation/docs/index.md | 2 + .../docs/release-notes/release-notes.md | 45 +++++++++++++++++++ documentation/mkdocs.yml | 4 +- 4 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 documentation/docs/release-notes/release-notes.md diff --git a/.github/workflows/doc-build.yaml b/.github/workflows/doc-build.yaml index e40fa34fb61..5adcfc0a66d 100644 --- a/.github/workflows/doc-build.yaml +++ b/.github/workflows/doc-build.yaml @@ -51,7 +51,7 @@ jobs: cd documentation mike deploy main -p mike set-default main -p - mike retitle main "MVP" -p + mike retitle main "Alpha1" -p # - name: Install Node.js 14.x diff --git a/documentation/docs/index.md b/documentation/docs/index.md index 248b93773c5..d964f6bf59c 100644 --- a/documentation/docs/index.md +++ b/documentation/docs/index.md @@ -6,6 +6,8 @@ This is the MVP version of the extension and is not meant for production use yet. +[What's new](release-notes/tech-preview.md){.md-button} + ## What's encrypted `pg_tde` encrypts the following: diff --git a/documentation/docs/release-notes/release-notes.md b/documentation/docs/release-notes/release-notes.md new file mode 100644 index 00000000000..067073d13d6 --- /dev/null +++ b/documentation/docs/release-notes/release-notes.md 
@@ -0,0 +1,45 @@ +# pg_tde release notes + + ## Alpha 1 (2024-03-28) + +`pg_tde` extension brings in [Transparent Data Encryption (TDE)](tde.md) to PostgreSQL and enables you to keep sensitive data safe and secure. + +[Get started](../install.md){.md-button} + +## Release Highlights + +The technical preview of the extension introduces the following key features: + +* You can now rotate master keys used for data encryption. This reduces the risk of long-term exposure to potential attacks and helps you comply with security standards such as GDPR, HIPAA, and PCI DSS. + +* You can now configure encryption differently for each database. For example, encrypt specific tables in some databases with different encryption keys while keeping others non-encrypted. + +* Keyring configuration has undergone several improvements, namely: + + * You can define separate keyring configuration for each database + * You can change keyring configuration dynamically, without having to restart the server + * The keyring configuration is now stored in a catalog separately for each database, instead of a configuration file + * Avoid storing secrets in the unencrypted catalog by configuring keyring parameters to be read from external sources (file, http(s) request) + +## Improvements + +* Renamed the repository and Docker image from `postgres-tde-ext` to `pg_tde`. 
The extension name remains unchanged +* Changed the Initialization Vector (IV) calculation of both the data and internal keys + +## Bugs fixed + +* Fixed toast related crashes +* Fixed a crash with the DELETE statement +* Fixed performance-related issues +* Fixed a bug where `pg_tde` sent many 404 requests to the Vault server +* Fixed сompatibility issues with old OpenSSL versions +* Fixed сompatibility with old Curl versions + +## MVP (2023-12-12) + +The Minimum Viable Product (MVP) version introduces the following functionality: + +* Encryption of heap tables, including TOAST +* Encryption keys are stored either in Hashicorp Vault server or in local keyring file (for development) +* The key storage is configurable via separate JSON configuration files +* Replication support \ No newline at end of file diff --git a/documentation/mkdocs.yml b/documentation/mkdocs.yml index 7a982ff411f..3a3fb186418 100644 --- a/documentation/mkdocs.yml +++ b/documentation/mkdocs.yml @@ -144,8 +144,8 @@ nav: - "Install": "install.md" - "Set up": "setup.md" - Test TDE: "test.md" - - How to: - - Configure streaming replication: replication.md + - Release notes: + - "pg_tde tech preview": release-notes/release-notes.md - uninstall.md - contribute.md
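Review bot: In the `.github/workflows/doc-build.yaml` hunk the new title is written `"Alpha1"` without a space, while the release notes heading added by this same patch and the commit message both use "Alpha 1". Suggest `mike retitle main "Alpha 1" -p` so the version selector label matches the page heading.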
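Review bot: The button added in the `documentation/docs/index.md` hunk links to `release-notes/tech-preview.md`, but this patch creates `release-notes/release-notes.md` and `mkdocs.yml` points at that same path, so the link target matches no file the patch adds. Suggest `[What's new](release-notes/release-notes.md){.md-button}`. The unchanged context line just above it still reads "This is the MVP version of the extension", which no longer fits the Alpha 1 naming and should be updated in the same change.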
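Review bot: In the new `documentation/docs/release-notes/release-notes.md`, the Improvements entry "Changed the Initialization Vector (IV) calculation of both the data and internal keys" does not say whether tables and keys written by the MVP release remain readable after upgrading. Please state the upgrade impact explicitly, since readers running the MVP need to know whether existing encrypted data must be re-created. Smaller points in the same file: the `(tde.md)` link is relative to `release-notes/` while the button right below it uses `(../install.md)`, so check whether `../tde.md` was meant; the highlights paragraph still says "The technical preview of the extension" under an "Alpha 1" heading; the word "сompatibility" in the last two bug-fix entries appears to begin with a non-Latin "с" and is worth retyping; and the file ends without a trailing newline.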
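Review bot: The nav hunk in `documentation/mkdocs.yml` deletes the `How to:` group and its `Configure streaming replication: replication.md` entry instead of adding `Release notes:` alongside it, which drops the replication page from navigation even though the release notes list "Replication support". If that removal is not intended, keep those two lines and add the new group after them. The label `"pg_tde tech preview"` also contradicts the commit message's "Changed version naming from TP to Alpha 1", and the page it points to covers both Alpha 1 and MVP, so a label such as `"pg_tde release notes"` would match the page title.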