From 22076f9f3f6006fdc1d2720934eb46a7a88329a2 Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Mon, 16 Jun 2025 12:55:07 +0300 Subject: [PATCH 1/6] updated intro and site name Updated the introduction with the proper extension name, updated the intro to reflect this. Removed important note about not meant for production and added the No upgrade warning from previous versions (like RC2) to GA. Added the warning note before installation begins too. Updated site name to full name. --- contrib/pg_tde/documentation/docs/index.md | 9 +++++---- contrib/pg_tde/documentation/docs/install.md | 6 +++--- contrib/pg_tde/documentation/mkdocs.yml | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/contrib/pg_tde/documentation/docs/index.md b/contrib/pg_tde/documentation/docs/index.md index 30bf17a431bd2..60fd8404d11a2 100644 --- a/contrib/pg_tde/documentation/docs/index.md +++ b/contrib/pg_tde/documentation/docs/index.md 
@@ -1,9 +1,10 @@ -# pg_tde Documentation +# Percona Transparent Data Encryption for PostgreSQL documentation -`pg_tde` is the open source, community driven and futureproof PostgreSQL extension that provides Transparent Data Encryption (TDE) to protect data at rest. `pg_tde` ensures that the data stored on disk is encrypted, and that no one can read it without the proper encryption keys, even if they gain access to the physical storage media. +Percona Transparent Data Encryption for PostgreSQL (`pg_tde`) is an open-source, community driven and futureproof PostgreSQL extension that provides Transparent Data Encryption (TDE) to protect data at rest. `pg_tde` ensures that the data stored on disk is encrypted, and that no one can read it without the proper encryption keys, even if they gain access to the physical storage media. -!!! important - This is the {{release}} version of the extension and **it is not meant for production use yet**. We encourage you to use it in testing environments and [provide your feedback](https://forums.percona.com/c/postgresql/pg-tde-transparent-data-encryption-tde/82). +!!! warning "No upgrade path from RC to GA" + There is no safe upgrade path from the previous versions (such as Release Candidate 2) to the General Availability (GA) version of `pg_tde`. + We recommend starting with a **clean installation** for GA deployments. Avoid using RC environments in production. [Overview](index/index.md){.md-button} [Get Started](install.md){.md-button} diff --git a/contrib/pg_tde/documentation/docs/install.md b/contrib/pg_tde/documentation/docs/install.md index 11cc03623c32d..9d66c3076694e 100644 --- a/contrib/pg_tde/documentation/docs/install.md +++ b/contrib/pg_tde/documentation/docs/install.md 
@@ -1,8 +1,8 @@ # Install pg_tde - +!!! warning "No upgrade path from RC to GA" + There is no safe upgrade path from the previous versions (such as Release Candidate 2) to the General Availability (GA) version of `pg_tde`. + We recommend starting with a **clean installation** for GA deployments. Avoid using RC environments in production. To install `pg_tde`, use one of the following methods: diff --git a/contrib/pg_tde/documentation/mkdocs.yml b/contrib/pg_tde/documentation/mkdocs.yml index 9d542f2156a1c..4eaaacab47de3 100644 --- a/contrib/pg_tde/documentation/mkdocs.yml +++ b/contrib/pg_tde/documentation/mkdocs.yml @@ -1,6 +1,6 @@ # MkDocs general configuration -site_name: pg_tde documentation +site_name: Percona Transparent Data Encryption for PostgreSQL site_description: Documentation site_author: Percona LLC copyright: > From 342d1f9d88738b216136c472c3090b604054a544 Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Mon, 16 Jun 2025 15:28:42 +0300 Subject: [PATCH 2/6] Update main.html removed the block announcement for RC2 at the top of the HTML page in the intro --- contrib/pg_tde/documentation/_resource/overrides/main.html | 7 ------- 1 file changed, 7 deletions(-) diff --git a/contrib/pg_tde/documentation/_resource/overrides/main.html b/contrib/pg_tde/documentation/_resource/overrides/main.html index 1fca8c3d06631..3cf5dc8d34ff9 100644 --- a/contrib/pg_tde/documentation/_resource/overrides/main.html +++ b/contrib/pg_tde/documentation/_resource/overrides/main.html @@ -3,13 +3,6 @@ -#} {% extends "base.html" %} -{% block announce %} - This is the Release Candidate 2 (RC2) of Percona Transparent Data Encryption (TDE) extension. -

It is not recommended for production environments at this stage.

-

We encourage you to test it and give your feedback. - This will help us improve the product and make it production-ready faster.

-{% endblock %} - {% block scripts %} {{ super() }} From 8665fccc0100d97de897b7eeabca3f35f51bf2b2 Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Tue, 24 Jun 2025 17:59:20 +0300 Subject: [PATCH 3/6] updated the "No upgrade path from RC to GA" warning Removed parenthesis and replaced with , as it looks cleaner. --- contrib/pg_tde/documentation/docs/install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/pg_tde/documentation/docs/install.md b/contrib/pg_tde/documentation/docs/install.md index 9d66c3076694e..273bb899cd29c 100644 --- a/contrib/pg_tde/documentation/docs/install.md +++ b/contrib/pg_tde/documentation/docs/install.md @@ -1,7 +1,7 @@ # Install pg_tde !!! warning "No upgrade path from RC to GA" - There is no safe upgrade path from the previous versions (such as Release Candidate 2) to the General Availability (GA) version of `pg_tde`. + There is no safe upgrade path from the previous versions, such as Release Candidate 2, to the General Availability (GA) version of `pg_tde`. We recommend starting with a **clean installation** for GA deployments. Avoid using RC environments in production. To install `pg_tde`, use one of the following methods: From d2a5eb34d117238723cb0b49cd4e62dec6391fc3 Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Tue, 24 Jun 2025 18:01:47 +0300 Subject: [PATCH 4/6] updated the "No upgrade path from RC to GA" warning Removed parenthesis and replaced with , as it looks cleaner. --- contrib/pg_tde/documentation/docs/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/pg_tde/documentation/docs/index.md b/contrib/pg_tde/documentation/docs/index.md index 60fd8404d11a2..43811f3b102fb 100644 --- a/contrib/pg_tde/documentation/docs/index.md +++ b/contrib/pg_tde/documentation/docs/index.md 
@@ -3,7 +3,7 @@ Percona Transparent Data Encryption for PostgreSQL (`pg_tde`) is an open-source, community driven and futureproof PostgreSQL extension that provides Transparent Data Encryption (TDE) to protect data at rest. `pg_tde` ensures that the data stored on disk is encrypted, and that no one can read it without the proper encryption keys, even if they gain access to the physical storage media. !!! warning "No upgrade path from RC to GA" - There is no safe upgrade path from the previous versions (such as Release Candidate 2) to the General Availability (GA) version of `pg_tde`. + There is no safe upgrade path from the previous versions, such as Release Candidate 2, to the General Availability (GA) version of `pg_tde`. We recommend starting with a **clean installation** for GA deployments. Avoid using RC environments in production. [Overview](index/index.md){.md-button} From 95e93bf86ba349ed6d49cea57b571a6b53abf6aa Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Fri, 27 Jun 2025 13:24:37 +0300 Subject: [PATCH 5/6] improved content using feedback updates removed permissions management from architecture and functions fixed port descriptions in multi-tenant and kmip server removed block announcement updated faq with removal of some unneeded future references updated limitations fixed pdf cover page release to 1.0 --- .../_resourcepdf/overrides/main.html | 7 ------ .../documentation/docs/architecture/index.md | 23 +------------------ contrib/pg_tde/documentation/docs/faq.md | 4 +--- .../pg_tde/documentation/docs/functions.md | 9 -------- .../kmip-server.md | 2 +- .../docs/how-to/multi-tenant-setup.md | 2 +- .../docs/index/tde-limitations.md | 7 ++---- .../docs/templates/pdf_cover_page.tpl | 2 +- 8 files changed, 7 insertions(+), 49 deletions(-) diff --git a/contrib/pg_tde/documentation/_resourcepdf/overrides/main.html b/contrib/pg_tde/documentation/_resourcepdf/overrides/main.html index 1fca8c3d06631..3cf5dc8d34ff9 100644 
--- a/contrib/pg_tde/documentation/_resourcepdf/overrides/main.html +++ b/contrib/pg_tde/documentation/_resourcepdf/overrides/main.html @@ -3,13 +3,6 @@ -#} {% extends "base.html" %} -{% block announce %} - This is the Release Candidate 2 (RC2) of Percona Transparent Data Encryption (TDE) extension. -

It is not recommended for production environments at this stage.

-

We encourage you to test it and give your feedback. - This will help us improve the product and make it production-ready faster.

-{% endblock %} - {% block scripts %} {{ super() }} diff --git a/contrib/pg_tde/documentation/docs/architecture/index.md b/contrib/pg_tde/documentation/docs/architecture/index.md index 9abd070c4c9eb..c954e7bd72d13 100644 --- a/contrib/pg_tde/documentation/docs/architecture/index.md +++ b/contrib/pg_tde/documentation/docs/architecture/index.md @@ -239,21 +239,17 @@ This is also the reason why it requires a `dbOid` instead of a name, as it has n ### Deleting providers -Providers can be deleted by using the +Providers can be deleted by using the following functions: ```sql pg_tde_delete_database_key_provider(provider_name) pg_tde_delete_global_key_provider(provider_name) ``` -functions. - For database specific providers, the function first checks if the provider is used or not, and the provider is only deleted if it's not used. For global providers, the function checks if the provider is used anywhere, WAL or any specific database, and returns an error if it is. -This somewhat goes against the principle that `pg_tde` should not interact with other databases than the one the user is connected to, but on the other hand, it only does this lookup in the internal `pg_tde` metadata, not in postgres catalogs, so it is a gray zone. Making this check makes more sense than potentially making some databases inaccessible. - ### Listing/querying providers `pg_tde` provides 2 functions to show providers: @@ -263,17 +259,6 @@ This somewhat goes against the principle that `pg_tde` should not interact with These functions return a list of provider names, type and configuration. -### Provider permissions - -`pg_tde` implements access control based on execution rights on the administration functions. - -For keys and providers administration, it provides two pair of functions: - -```sql -pg_tde_GRANT_database_key_management_TO_role -pg_tde_REVOKE_database_key_management_FROM_role -``` - ### Creating and rotating keys Principal keys can be created using the following functions: 
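Review bot: In PATCH 1/6, the new `!!! warning "No upgrade path from RC to GA"` admonition is pasted verbatim into docs/index.md and docs/install.md, and a third copy lands in docs/index/tde-limitations.md in PATCH 5/6; PATCH 3/6 and PATCH 4/6 then have to apply the same comma edit to each copy as separate commits, which is exactly the drift that duplicated warnings invite. Keep one copy in a shared snippet file and include it from the three pages (pymdownx.snippets does this for MkDocs) so the wording cannot diverge. Minor wording: "from the previous versions, such as Release Candidate 2," reads better as "from earlier versions, such as Release Candidate 2,".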
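Review bot: In PATCH 2/6 and the first hunk of PATCH 5/6, the `{% block announce %}` removal is applied to two byte-identical files: contrib/pg_tde/documentation/_resource/overrides/main.html and contrib/pg_tde/documentation/_resourcepdf/overrides/main.html both carry the same blob ids (index 1fca8c3d06631..3cf5dc8d34ff9). The change itself is fine, but the two override templates should be reduced to one source (a symlink or a shared include) so the next announcement edit does not have to be made twice.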
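Review bot: In the docs/architecture/index.md hunk at @@ -239,21, deleting the "Provider permissions" section removes the only statement on this page of who is allowed to run the provider administration functions, while the `pg_tde_delete_database_key_provider` / `pg_tde_delete_global_key_provider` text just above still describes a privileged operation. If the grant/revoke helper functions are gone, replace the section with one sentence naming the privilege now required rather than leaving authorization undocumented for a key-management feature. Also consider keeping one sentence of the removed rationale paragraph, namely that the global-provider usage check consults only internal `pg_tde` metadata and not other databases' catalogs, because the surviving text says the function looks across "WAL or any specific database" without saying how it does so safely.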
@@ -325,12 +310,6 @@ The `pg_tde_delete_key()` function removes the principal key for the current dat `pg_tde_verify_key()` checks that the key provider is accessible, that the current principal key can be downloaded from it, and that it is the same as the current key stored in memory - if any of these fail, it reports an appropriate error. -### Key permissions - -Users with management permissions to a specific database `(pg_tde_(grant/revoke)_(global/databse)_key_management_(to/from)_role)` can change the keys for the database, and use the current key functions. This includes creating keys using global providers, if `pg_tde.inherit_global_providers` is enabled. - -Also the `pg_tde_(grant/revoke)_database_key_management_to_role` function deals with only the specific permission for the above function: it allows a user to change the key for the database, but not to modify the provider configuration. - ### Creating encrypted tables To create an encrypted table or modify an existing table to be encrypted, use the following commands: diff --git a/contrib/pg_tde/documentation/docs/faq.md b/contrib/pg_tde/documentation/docs/faq.md index df80bea17f555..1b966b1eb7377 100644 --- a/contrib/pg_tde/documentation/docs/faq.md +++ b/contrib/pg_tde/documentation/docs/faq.md @@ -27,7 +27,7 @@ Using TDE helps you avoid the following risks: If to translate sensitive data to files stored in your database, these are user data in tables, temporary files, WAL files. TDE has you covered encrypting all these files. -`pg_tde` does not encrypt system catalogs yet. This means that statistics data and database metadata are not encrypted. The encryption of system catalogs is planned for future releases. +`pg_tde` does not encrypt system catalogs yet. This means that statistics data and database metadata are not encrypted. ## I use disk-level encryption. Why should I care about TDE? 
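Review bot: In the docs/architecture/index.md hunk at @@ -325,12, the removed "Key permissions" section was the only text here describing the effect of `pg_tde.inherit_global_providers` on who may create keys using global providers; if that setting still exists, document its effect under "Creating and rotating keys" before this paragraph goes. The removal is otherwise consistent with PATCH 5/6 dropping the `pg_tde_(grant/revoke)_..._key_management_..._role` functions from docs/functions.md.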
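Review bot: In the docs/faq.md hunk at @@ -27,7, the edited line keeps "does not encrypt system catalogs yet" while removing the "planned for future releases" sentence; since the commit's stated aim is to remove unneeded future references, drop "yet" as well so the line describes current behaviour without implying a roadmap. The context line "If to translate sensitive data to files stored in your database, these are user data in tables, temporary files, WAL files." is ungrammatical; suggest "Translated into the files stored in your database, sensitive data lives in user tables, temporary files and WAL files."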
@@ -112,8 +112,6 @@ We advise encrypting the whole database only if all your data is sensitive, like For WAL encryption, AES-CTR-128 is used. -The support of other encryption mechanisms such as AES256 is planned for future releases. Reach out to us with your requirements and usage scenarios of other encryption methods are needed. - ## Is post-quantum encryption supported? No, it's not yet supported. In our implementation we reply on OpenSSL libraries that don't yet support post-quantum encryption. diff --git a/contrib/pg_tde/documentation/docs/functions.md b/contrib/pg_tde/documentation/docs/functions.md index 563d359aa2cf4..5f3eb66276536 100644 --- a/contrib/pg_tde/documentation/docs/functions.md +++ b/contrib/pg_tde/documentation/docs/functions.md @@ -2,15 +2,6 @@ The `pg_tde` extension provides functions for managing different aspects of its operation: -## Permission management - -By default, `pg_tde` is locked down. No one is allowed to do any operations until you grant them permissions. Only superusers may add or alter global key providers. - -However, database owners can run the “view keys” and “set principal key” functions on their own databases. You can delegate these rights to other roles with the following commands: - -* `GRANT EXECUTE` -* `REVOKE EXECUTE` - ## Key provider management A key provider is a system or service responsible for managing encryption keys. `pg_tde` supports the following key providers: diff --git a/contrib/pg_tde/documentation/docs/global-key-provider-configuration/kmip-server.md b/contrib/pg_tde/documentation/docs/global-key-provider-configuration/kmip-server.md index aea589ffb08fb..46d93e7f31a63 100644 --- a/contrib/pg_tde/documentation/docs/global-key-provider-configuration/kmip-server.md +++ b/contrib/pg_tde/documentation/docs/global-key-provider-configuration/kmip-server.md 
@@ -15,7 +15,7 @@ For testing purposes, you can use a lightweight PyKMIP server, which enables eas SELECT pg_tde_add_global_key_provider_kmip( 'provider-name', 'kmip-IP', - 5696, + `port`, '/path_to/server_certificate.pem', '/path_to/client_cert.pem', '/path_to/client_key.pem' diff --git a/contrib/pg_tde/documentation/docs/how-to/multi-tenant-setup.md b/contrib/pg_tde/documentation/docs/how-to/multi-tenant-setup.md index 247a1878c254b..a772809a6afc5 100644 --- a/contrib/pg_tde/documentation/docs/how-to/multi-tenant-setup.md +++ b/contrib/pg_tde/documentation/docs/how-to/multi-tenant-setup.md @@ -61,7 +61,7 @@ You must do these steps for every database where you have created the extension. For testing purposes, you can use the PyKMIP server which enables you to set up required certificates. To use a real KMIP server, make sure to obtain the valid certificates issued by the key management appliance. ```sql - SELECT pg_tde_add_database_key_provider_kmip('provider-name','kmip-addr', 5696, '/path_to/client_cert.pem', '/path_to/client_key.pem', '/path_to/server_certificate.pem'); + SELECT pg_tde_add_database_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/client_cert.pem', '/path_to/client_key.pem', '/path_to/server_certificate.pem'); ``` where: diff --git a/contrib/pg_tde/documentation/docs/index/tde-limitations.md b/contrib/pg_tde/documentation/docs/index/tde-limitations.md index cc10f80519b22..a1d067e7fd3e5 100644 --- a/contrib/pg_tde/documentation/docs/index/tde-limitations.md +++ b/contrib/pg_tde/documentation/docs/index/tde-limitations.md 
@@ -3,10 +3,7 @@ * Keys in the local keyfile are stored unencrypted. For better security we recommend using the Key management storage. * System tables are currently not encrypted. This means that statistics data and database metadata are currently not encrypted. -* `pg_rewind` doesn't work with encrypted WAL for now. We plan to fix it in future releases. -* `pg_tde` Release candidate is incompatible with `pg_tde`Beta2 due to significant changes in code. There is no direct upgrade flow from one version to another. You must [uninstall](../how-to/uninstall.md) `pg_tde` Beta2 first and then [install](../install.md) and configure the new Release Candidate version. - -!!! important - This is the {{release}} version of the extension and **it is not meant for production use yet**. We encourage you to use it in testing environments and [provide your feedback](https://forums.percona.com/c/postgresql/pg-tde-transparent-data-encryption-tde/82). +* `pg_rewind` doesn't work with encrypted WAL for now. +* No upgrade path from RC to GA, There is no safe upgrade path from the previous versions, such as Release Candidate 2, to the General Availability (GA) version of `pg_tde`. We recommend starting with a **clean installation** for GA deployments. **Avoid** using RC environments in production. [Versions and Supported PostgreSQL Deployments](supported-versions.md){.md-button} diff --git a/contrib/pg_tde/documentation/docs/templates/pdf_cover_page.tpl b/contrib/pg_tde/documentation/docs/templates/pdf_cover_page.tpl index 286838e89fc54..9f4fb22ba71de 100644 --- a/contrib/pg_tde/documentation/docs/templates/pdf_cover_page.tpl +++ b/contrib/pg_tde/documentation/docs/templates/pdf_cover_page.tpl @@ -7,5 +7,5 @@ {% if config.site_description %}

{{ config.site_description }}

{% endif %} -

Release Candidate (2025-03-27)

+

1.0 (2025-06-30)

\ No newline at end of file From 3ec6fe076d4a5710e2c9dce86721578613295b0c Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Fri, 27 Jun 2025 15:08:41 +0300 Subject: [PATCH 6/6] Update index.md open-source to open source --- contrib/pg_tde/documentation/docs/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/pg_tde/documentation/docs/index.md b/contrib/pg_tde/documentation/docs/index.md index 43811f3b102fb..5f2a091a250ff 100644 --- a/contrib/pg_tde/documentation/docs/index.md +++ b/contrib/pg_tde/documentation/docs/index.md @@ -1,6 +1,6 @@ # Percona Transparent Data Encryption for PostgreSQL documentation -Percona Transparent Data Encryption for PostgreSQL (`pg_tde`) is an open-source, community driven and futureproof PostgreSQL extension that provides Transparent Data Encryption (TDE) to protect data at rest. `pg_tde` ensures that the data stored on disk is encrypted, and that no one can read it without the proper encryption keys, even if they gain access to the physical storage media. +Percona Transparent Data Encryption for PostgreSQL (`pg_tde`) is an open source, community driven and futureproof PostgreSQL extension that provides Transparent Data Encryption (TDE) to protect data at rest. `pg_tde` ensures that the data stored on disk is encrypted, and that no one can read it without the proper encryption keys, even if they gain access to the physical storage media. !!! warning "No upgrade path from RC to GA" There is no safe upgrade path from the previous versions, such as Release Candidate 2, to the General Availability (GA) version of `pg_tde`.
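Review bot: In the docs/faq.md hunk at @@ -112,8, the trailing context line "In our implementation we reply on OpenSSL libraries" has a typo ("rely"); since this hunk already touches the adjacent lines, fix it in the same commit.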
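Review bot: In the docs/functions.md hunk at @@ -2,15, the deleted "Permission management" section carried two facts that are not tied to the removed GRANT/REVOKE helpers: that `pg_tde` is locked down by default, and that only superusers may add or alter global key providers. Those are the access-control defaults a reader of the function reference needs; move both sentences into the "Key provider management" section that follows instead of deleting them with the section.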
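Review bot: In docs/global-key-provider-configuration/kmip-server.md at @@ -15,7, `5696,` is replaced by `` `port`, `` inside a ```sql fenced block; Markdown backticks are not interpreted inside a code fence, so the rendered example shows the literal backticks and is no longer a statement a user can paste and adapt. Use a bare placeholder (`port` or `<port>`) explained in the list below the block, or keep the numeric example and say in the explanation that 5696 is the IANA-registered KMIP port. The docs/how-to/multi-tenant-setup.md hunk at @@ -61,7 makes the same change and has the same problem.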
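Review bot: In the docs/how-to/multi-tenant-setup.md hunk at @@ -61,7, the certificate arguments are passed in the order client_cert.pem, client_key.pem, server_certificate.pem, whereas the kmip-server.md example in this same patch passes server_certificate.pem, client_cert.pem, client_key.pem to the global variant. Verify both orderings against the actual signatures of `pg_tde_add_database_key_provider_kmip` and `pg_tde_add_global_key_provider_kmip`, and if they genuinely differ, say so next to the examples; a swapped certificate path only surfaces as a TLS failure when the provider is first used.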
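Review bot: In docs/index/tde-limitations.md at @@ -3,10, the new bullet "No upgrade path from RC to GA, There is no safe upgrade path..." is a comma splice with a capitalised "There"; put a colon or period after "GA", or make "No upgrade path from RC to GA" a bold lead-in. The same bullet also restates the index.md/install.md warning with different emphasis (**Avoid** is bold here and not there), so the three copies are already diverging within this one series.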
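Review bot: PATCH 6/6 changes "open-source" to "open source" in docs/index.md, but the same sentence still has "community driven" and "futureproof"; as compound modifiers in front of "PostgreSQL extension" these are normally written "community-driven" and "future-proof". Pick one convention for all three rather than adjusting only the first.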