PG-1257 Add key deletion funcs to documentation · percona/postgres@5a2c081 · GitHub

Commit 5a2c081

PG-1257 Add key deletion funcs to documentation
Add principal key deletion functions to documentation. Fix couple uncertainties on architecture docs page.
1 parent c94be04 commit 5a2c081

2 files changed: +18 -2 lines changed

contrib/pg_tde/documentation/docs/architecture/index.md

Lines changed: 2 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -305,12 +305,12 @@ You can manage a default key with the following functions:
305305
* `pg_tde_delete_default_key()`
306306

307307
!!! note
308-
`pg_tde_delete_default_key()` is only possible if there's no table currently using the default principal key.
308+
`pg_tde_delete_default_key()` is only possible if there's no database currently using the default principal key.
309309
Changing the default principal key will rotate the encryption of internal keys for all databases using the current default principal key.
310310

311311
#### Delete a key
312312

313-
The `pg_tde_delete_key()` function removes the principal key for the current database. If the current database has any encrypted tables, and there isn’t a default principal key configured, it reports an error instead. If there are encrypted tables, but there’s also a global default principal key, internal keys will be encrypted with the default key.
313+
The `pg_tde_delete_key()` function removes the principal key for the current database. If the current database has any encrypted tables, and there isn’t a default principal key configured, it reports an error instead. If there are encrypted tables, but there’s also a default principal key, internal keys will be encrypted with the default key.
314314

315315
!!! note
316316
WAL keys **cannot** be deleted, as server keys are managed separately.
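
Review bot: The reworded sentence at line 313 ("internal keys will be encrypted with the default key") leaves its interaction with the note at line 308 unstated. Once a database's internal keys are encrypted with the default key, does that database count as one "currently using the default principal key", so that `pg_tde_delete_default_key()` is then refused? Suggest stating that consequence explicitly in this paragraph, and writing "re-encrypted" rather than "encrypted" so the wording matches "rotate the encryption of internal keys" at line 309.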

contrib/pg_tde/documentation/docs/functions.md

Lines changed: 16 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -302,6 +302,22 @@ SELECT pg_tde_set_default_key_using_global_key_provider(
302302
);
303303
```
304304

305+
### pg_tde_delete_key
306+
307+
Deletes the principal key for the current database. If the current database has any encrypted tables, and there isn’t a default principal key configured, it reports an error instead. If there are encrypted tables, but there’s also a default principal key, internal keys will be encrypted with the default key.
308+
309+
```sql
310+
SELECT pg_tde_delete_key();
311+
```
312+
313+
### pg_tde_delete_default_key
314+
315+
Deletes default principal key. It's possible only if no database uses default principal key.
316+
317+
```sql
318+
SELECT pg_tde_delete_default_key();
319+
```
320+
305321
## Encryption status check
306322

307323
### pg_tde_is_encrypted
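
Review bot: The `pg_tde_delete_default_key` description at line 315 is missing articles and is worded differently from the architecture note it mirrors ("is only possible if there's no database currently using the default principal key"); suggest "Deletes the default principal key. This is possible only if no database currently uses the default principal key." Neither new section says what the function returns or which error the caller sees when the deletion is refused. The `pg_tde_delete_key` text at line 307 is a verbatim copy of the architecture paragraph, so the two can drift; consider linking to the architecture section instead, and repeating here that WAL keys cannot be deleted.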
