Tech-preview-release-notes (percona#146)

* Tech-preview-release-notes * Unified release notes page for MVP and TP * Changed version naming from TP to Alpha 1 * Fixed punctuation issues
japinli · Apr 1, 2024 · af3d683 · af3d683
1 parent 82ac58a
commit af3d683
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 3 deletions.
diff --git a/.github/workflows/doc-build.yaml b/.github/workflows/doc-build.yaml
@@ -51,7 +51,7 @@ jobs:
           cd documentation
           mike deploy main -p
           mike set-default main -p
-          mike retitle main "MVP" -p
+          mike retitle main "Alpha1" -p
           
 
 # - name: Install Node.js 14.x

diff --git a/documentation/docs/index.md b/documentation/docs/index.md
@@ -6,6 +6,8 @@
 
     This is the MVP version of the extension and is not meant for production use yet.
 
+[What's new](release-notes/tech-preview.md){.md-button}
+
 ## What's encrypted
 
 `pg_tde` encrypts the following:

diff --git a/documentation/docs/release-notes/release-notes.md b/documentation/docs/release-notes/release-notes.md
@@ -0,0 +1,45 @@
+# pg_tde release notes
+
+ ## Alpha 1 (2024-03-28)
+
+`pg_tde` extension brings in [Transparent Data Encryption (TDE)](tde.md) to PostgreSQL and enables you to keep sensitive data safe and secure.
+
+[Get started](../install.md){.md-button}
+
+## Release Highlights
+
+The technical preview of the extension introduces the following key features:
+
+* You can now rotate master keys used for data encryption. This reduces the risk of long-term exposure to potential attacks and helps you comply with security standards such as GDPR, HIPAA, and PCI DSS.
+
+* You can now configure encryption differently for each database. For example, encrypt specific tables in some databases with different encryption keys while keeping others non-encrypted.
+
+* Keyring configuration has undergone several improvements, namely:
+
+    * You can define separate keyring configuration for each database
+    * You can change keyring configuration dynamically, without having to restart the server
+    * The keyring configuration is now stored in a catalog separately for each database, instead of a configuration file
+    * Avoid storing secrets in the unencrypted catalog by configuring keyring parameters to be read from external sources (file, http(s) request)
+
+## Improvements 
+
+* Renamed the repository and Docker image from `postgres-tde-ext` to `pg_tde`. The extension name remains unchanged
+* Changed the Initialization Vector (IV) calculation of both the data and internal keys
+
+## Bugs fixed
+
+* Fixed toast related crashes
+* Fixed a crash with the DELETE statement 
+* Fixed performance-related issues
+* Fixed a bug where `pg_tde` sent many 404 requests to the Vault server
+* Fixed сompatibility issues with old OpenSSL versions
+* Fixed сompatibility with old Curl versions 
+
+## MVP (2023-12-12)
+
+The Minimum Viable Product (MVP) version introduces the following functionality:
+
+* Encryption of heap tables, including TOAST
+* Encryption keys are stored either in Hashicorp Vault server or in local keyring file (for development) 
+* The key storage is configurable via separate JSON configuration files
+* Replication support
diff --git a/documentation/mkdocs.yml b/documentation/mkdocs.yml
@@ -144,8 +144,8 @@ nav:
     - "Install": "install.md"
     - "Set up": "setup.md"
     - Test TDE: "test.md"
-  - How to:
-    - Configure streaming replication: replication.md
+  - Release notes:
+    - "pg_tde tech preview": release-notes/release-notes.md
   - uninstall.md
   - contribute.md