Create Release Notes for 1.0 (#432)

Added initial files and modifications to include 1.0 release notes to the TOC and variables. Updates: * updated the ToC names to make them in line with style guide * updated variable with new release branch and fixed small release note name * updated ## Release Highlights with topics: * Added tickets * Updated Upgrade considerations
percona · dutow · Jul 3, 2025 · Jun 16, 2025 · Jun 18, 2025 · Jun 18, 2025
commit 85037c48e06841b4bdc7041a8efb86d0ccd0cdb2
@@ -0,0 +1,61 @@
+# pg_tde 1.0 ({{date.GA10}})
+
+The `pg_tde` by Percona extension brings in [Transparent Data Encryption (TDE)](../index/index.md) to PostgreSQL and enables you to keep sensitive data safe and secure.
+
+[Get Started](../install.md){.md-button}
+
+## Release Highlights
+
+* **`pg_tde` 1.0 is now GA (Generally Available)**
+
+And **stable** for encrypting relational data in PostgreSQL using [Transparent Data Encryption (TDE)](../index/index.md). This milestone brings production-level data protection to PostgreSQL workloads.
+
+* **WAL encryption is still in Beta**
+
+The WAL encryption feature is currently still in beta and is not effective unless explicitly enabled. **It is not yet production ready.** Do **not** enable this feature in production environments.
+
+## Upgrade considerations
+
+`pg_tde` {{tdeversion}} is **not** backward compatible with previous `pg_tde` versions, like Release Candidate 2, due to significant changes in code. This means you **cannot** directly upgrade from one version to another. You must do **a clean installation** of `pg_tde`.
+
+## Known issues
+
+* The default `mlock` limit on Rocky Linux 8 for ARM64-based architectures equals the memory page size and is 64 Kb. This results in the child process with `pg_tde` failing to allocate another memory page because the max memory limit is reached by the parent process.
+
+To prevent this, you can change the `mlock` limit to be at least twice bigger than the memory page size:
+
+* temporarily for the current session using the `ulimit -l <value>` command.
+* set a new hard limit in the `/etc/security/limits.conf` file. To do so, you require the superuser privileges.
+
+Adjust the limits with caution since it affects other processes running in your system.
+
+## Changelog
+
+### New Features
+
+- [PG-1257](https://perconadev.atlassian.net/browse/PG-1257) – Added SQL function to remove the current principal key  
+
+### Improvements
+
+- [PG-1617](https://perconadev.atlassian.net/browse/PG-1617) – Removed relation key cache
+- [PG-1635](https://perconadev.atlassian.net/browse/PG-1635) – User-facing TDE functions now return void
+- [PG-1605](https://perconadev.atlassian.net/browse/PG-1605) – Removed undeclared dependencies for `pg_tde_grant_database_key_management_to_role()`
+
+### Bugs Fixed
+
+- [PG-1581](https://perconadev.atlassian.net/browse/PG-1581) – Fixed PostgreSQL crashes on table access when KMIP key is unavailable after restart  
+- [PG-1583](https://perconadev.atlassian.net/browse/PG-1583) – Fixed a crash when dropping the `pg_tde` extension with CASCADE after changing the key provider file  
+- [PG-1585](https://perconadev.atlassian.net/browse/PG-1585) – Fixed the vault provider re-addition that failed after server restart with a new token  
+- [PG-1592](https://perconadev.atlassian.net/browse/PG-1592) – Improve error logs when Server Key Info is requested without being created  
+- [PG-1593](https://perconadev.atlassian.net/browse/PG-1593) – Fixed runtime failures when invalid Vault tokens are allowed during key provider creation
+- [PG-1600](https://perconadev.atlassian.net/browse/PG-1600) – Fixed Postmaster error when dropping a table with an unavailable key provider  
+- [PG-1606](https://perconadev.atlassian.net/browse/PG-1606) – Fixed missing superuser check in role grant function leads to misleading errors  
+- [PG-1607](https://perconadev.atlassian.net/browse/PG-1607) – Improved CA parameter order and surrounding documentation for clearer interpretation
+- [PG-1608](https://perconadev.atlassian.net/browse/PG-1608) – Updated and fixed global key configuration parameters in documentation  
+- [PG-1613](https://perconadev.atlassian.net/browse/PG-1613) – Tested and improved the `pg_tde_change_key_provider` CLI utility
+- [PG-1637](https://perconadev.atlassian.net/browse/PG-1637) – Fixed unused keys in key files which caused issues after OID wraparound  
+- [PG-1651](https://perconadev.atlassian.net/browse/PG-1651) – Fixed the CLI tool when working with Vault key export/import  
+- [PG-1652](https://perconadev.atlassian.net/browse/PG-1652) – Fixed when the server fails to find encryption keys after CLI-based provider change  
+- [PG-1662](https://perconadev.atlassian.net/browse/PG-1662) – Fixed the creation of inconsistent encryption status when altering partitioned tables
+- [PG-1663](https://perconadev.atlassian.net/browse/PG-1663) – Fixed the indexes on partitioned tables which were not encrypted
+- [PG-1700](https://perconadev.atlassian.net/browse/PG-1700) – Fixed the error hint when the principal key is missing
@@ -2,6 +2,8 @@
 
 `pg_tde` extension brings in [Transparent Data Encryption (TDE)](../index/index.md) to PostgreSQL and enables you to keep sensitive data safe and secure.
 
+* [Percona Transparent Database Encryption for PostgreSQL 1.0 ({{date.GA10}})](release-notes-v1.0.md)
+* [pg_tde Release Candidate 2 (RC2) ({{date.RC2}})](rc2.md)
 * [pg_tde Release Candidate 2 (RC2) ({{date.RC2}})](rc2.md)
 * [pg_tde Release Candidate ({{date.RC}})](rc.md)
 * [pg_tde Beta2 (2024-12-16)](beta2.md)

@@ -163,14 +163,14 @@ nav:
   - "Features": features.md 
   - "Overview":
     - "What is Transparent Data Encryption (TDE)?":
-      - "TDE Overview": index/index.md
-      - "TDE Benefits": index/how-tde-helps.md
-      - "How TDE Works": index/how-does-tde-work.md
-      - "Encrypted Data Scope": index/tde-encrypts.md
-      - "Table Access Methods and TDE": index/table-access-method.md
+      - "TDE overview": index/index.md
+      - "TDE benefits": index/how-tde-helps.md
+      - "How TDE works": index/how-does-tde-work.md
+      - "Encrypted data scope": index/tde-encrypts.md
+      - "Table access methods and TDE": index/table-access-method.md
     - "Limitations of TDE": index/tde-limitations.md
-    - "Versions and Supported PostgreSQL Deployments": index/supported-versions.md
-  - "Get Started":
+    - "Versions and supported PostgreSQL deployments": index/supported-versions.md
+  - "Get started":
     - "1. Install pg_tde": install.md
     - "1.1 Via apt": apt.md
     - "1.2 Via yum": yum.md   
@@ -189,7 +189,7 @@ nav:
   - "Technical Reference":
     - "Overview": advanced-topics/index.md
     - "Architecture": architecture/index.md
-    - "GUC Variables": variables.md
+    - "GUC variables": variables.md
     - "Functions": functions.md
     - "Streaming Replication with tde_heap": replication.md
   - "TDE Operations":
@@ -204,8 +204,9 @@ nav:
     - "Decrypt an Encrypted Table": how-to/decrypt.md
     - "Restore an encrypted pg_tde backup": how-to/restore-backups.md
   - faq.md
-  - "Release Notes":
+  - "Release notes":
     - "pg_tde release notes": release-notes/release-notes.md
+    - release-notes/release-notes-v1.0.md
     - release-notes/rc2.md
     - release-notes/rc.md
     - release-notes/beta2.md

@@ -1,9 +1,11 @@
 #Variables used throughout the docs
 
-release: 'RC2'
+tdeversion: '1.0'
+release: '1.0'
 pgversion17: '17.5'
-tdebranch: TDE_REL_17_STABLE
+tdebranch: release-17.5.2
 
 date:
+  GA10: '2025-06-30'
   RC2: '2025-05-29'
   RC: '2025-03-27'