- remove (tech preview)
- remove mentions of WAL being BETA and warning notes
- add WAL tool support to limitations, improve flow, add button to setup
- add limitation regarding WAL shipping standby not supported with WAL encryption
- add mention of open source and enterprise ed being supported for pg_tde
- add none method to basebackup and link to topic
- add Example Patroni configuration for Patroni tool
- improve supported vs unsupported tools section in Limitations
- Fix whitespace
- Make sure to use the right languages
- Do not wrap short SQL queries unnecessarily
- Add missing end of code block
- Add missing semicolon to SQL query
Updated the introduction with the proper extension name, updated the
intro to reflect this. Removed important note about not meant for
production and added the No upgrade warning from previous versions (like
RC2) to GA. Updates:
* removed the block announcement for RC2 at the top of the HTML page in
the intro
* Added the warning note before installation begins too.
* Updated site name to full name.
In set-principal-key.md:
* updated with correct code example using set_server_key_using_global
parameter
* updated note to reflect correct config
In features.md:
* Removed temporary tables feature to clear confusion, removed logical
replication mention, removed WAL encryption as a feature.
In functions.md:
* Added ON FUNCTION for grant/revoke execution
* Modified sensitive info bolded paragraph to important note
* Small modifications to notes display, title cases and text fixes
* added note to Add or modify Vault providers for keeping the same
principal key.
* Added warning for WAL in pg_tde_create_key_using_global_key_provider
In general:
* Removed all logical replication mentions except the FAQ and in RC2
release note.
We removed the ability for the various set_key functions to actually
create new keys and instead have a separate function for that as the API
around "ensure_new_key" was confusing at best.
These helper functions were tricky to use correctly and did not add much
value. Emulating a role this way does not really work in PostgreSQL. If
people want this behavior they should use a real role.
Updates to # Global Principal Key Configuration parameter of setting
global key
Rewrote and added correct false/true parameters for ensure_new_key on set_default_key.
---------
Co-authored-by: Anastasia Alexandrova <anastasia.alexandrova@percona.com>
initial commit, fixes to code presentation
- Updates to kmip with fixes to how we present code (website looks
better now!)
- Updates set-principal-key with similar fixes
- Updated keyring.md with similar fixes
And updated functions for two parameters with updates from 1506
Modified the structure and overall presentation for the users to make it more accessible and future-proof as we improve pg_tde moving forward.
Split big chapters into smaller chunks to improve SEO, renamed a couple of files for better visibility online and cleaned a bit of text.
Integrated changes from:
- https://github.com/percona/postgres/pull/314
- https://github.com/percona/postgres/pull/306
- Commit f636e82
These functions never really did anything since they added no extra
permissions since you would need to be allowed to grant and revoke
access anyway to call them since they did not use SECURITY DEFINER.
When creating a key provider you can point its configuration towards any
path or network address that PostgreSQL can reach which can be used to
attack the environment of PostgreSQL in a way normally only restricted to
superusers (compare trusted vs untrusted languages). So make the
administration of key providers also follow this convention.
This limits the powers of our multitenancy but since we are not sure yet
about how users want to use our multitenancy it is better to start off
restrictive and build a complex solution later.
Since as soon as we have installed pg_tde the database owner can call
any function created by the extension so any database owner can meddle
with any global key provider. The only way to prevent the database owner
from doing whatever they want is to add permission checks to the C code and here
we keep that check simple by limiting modifying the global key provider
to only the super user.
Additionally we also protect the function for setting the WAL key, for
setting the default key and to be paranoid also the function for using a
global key provider to set the database key. The third is not obvious if
it is necessary or not but I chose to be paranoid and relax that
restriction later once we have deemed it to be secure.
Changed the get started to global provider setting
Moved multi-tenant setup to a How to doc
Moved WAL encryption to a separate doc and Get started step
Updated functions description
modified: documentation/docs/apt.md
modified: documentation/docs/functions.md
modified: documentation/docs/install.md
new file: documentation/docs/multi-tenant-setup.md
modified: documentation/docs/setup.md
modified: documentation/docs/switch.md
new file: documentation/docs/wal-encryption.md
modified: documentation/docs/yum.md
modified: documentation/mkdocs.yml
new file: documentation/snippets/kms-considerations.md
To support checking other relation types than tables we removed the
check for the tde_heap access method and just do the following:
relam == 'tde_heap_basic' || GetSMGRRelationKey() != NULL
And to simplify the logic we merge pg_tde_is_encrypted() and
pg_tde_internal_has_key(), which will be an even bigger win once
the tde_heap_basic access method is removed since then we would
only need to check if there is a SMGR key.
- Rename database key rotation functions to make room for the global space ones.
- Now, during the first start, we would create a default temporary key provider for the global space. A user can (and should) create their own key provider afterwards. This allows using the same codepath and internal interfaces for the keyring management across databases and the global space.
- Now need to cache the principal key for the global space as we use it only at the server start to decrypt internal key. Then internal key persists in the memory cache.
Fixes https://perconadev.atlassian.net/browse/PG-835, https://perconadev.atlassian.net/browse/PG-833
* Updating documentation with configuration changes
* Minor updates to improve readability
* Added link to test.md for setup doc
* Added documentation about key rotation and remote parameters
---------
Co-authored-by: Anastasia Alexadrova <anastasia.alexandrova@percona.com>