Simplify UI w/ overloaded funcs
dAdAbird committed Jul 24, 2024
1 parent 8862b16 commit a0f68c3
Showing 40 changed files with 259 additions and 288 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/postgresql-16-src-meson-perf.yml
@@ -90,8 +90,8 @@ jobs:
bin/createdb sbtest2
bin/createuser sbtest -s
bin/psql sbtest2 <<< "CREATE EXTENSION pg_tde;"
bin/psql sbtest2 <<< "SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');"
bin/psql sbtest2 <<< "SELECT pg_tde_set_database_principal_key('test-db-principal-key','file-vault');"
bin/psql sbtest2 <<< "SELECT pg_tde_add_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');"
bin/psql sbtest2 <<< "SELECT pg_tde_set_principal_key('test-db-principal-key','file-vault');"
cp -r ../src/contrib/pg_tde/sysbench .
working-directory: inst

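Review bot: the provider registered here is a File provider, yet it is still named 'file-vault' (the same name recurs in most of the expected/*.out fixtures below), which reads as if Vault were in use; since this commit already touches every one of these call sites for the rename, it is a good moment to switch to a neutral name such as 'file-ring', as expected/test_issue_153_fix.out already does. Also worth keeping in mind when reading this job: the README change in this same commit states that the File provider stores keys unencrypted in the given file, so /tmp/pg_tde_test_keyring.per is fine for a throwaway CI runner but should not be copied into any non-test setup.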
12 changes: 6 additions & 6 deletions README.md
@@ -47,33 +47,33 @@ CREATE EXTENSION pg_tde;

```sql
-- For Vault-V2 key provider
pg_tde_add_database_key_provider_vault_v2(
pg_tde_add_key_provider_vault_v2(
provider_name VARCHAR(128),
vault_token TEXT,
vault_url TEXT,
vault_mount_path TEXT,
vault_ca_path TEXT);

-- For File key provider
FUNCTION pg_tde_add_database_key_provider_file(
FUNCTION pg_tde_add_key_provider_file(
provider_name VARCHAR(128),
file_path TEXT);

```
**Example**: Add a `File` key provider and name it `file`.
```sql
SELECT pg_tde_add_database_key_provider_file('file','/tmp/pgkeyring');
SELECT pg_tde_add_key_provider_file('file','/tmp/pgkeyring');
```
**Note: The `File` provided is intended for development and stores the keys unencrypted in the specified data file.**
6. Set the principal key for the database using the `pg_tde_set_database_principal_key` function.
6. Set the principal key for the database using the `pg_tde_set_principal_key` function.
```sql
FUNCTION pg_tde_set_database_principal_key (
FUNCTION pg_tde_set_principal_key (
principal_key_name VARCHAR(255),
provider_name VARCHAR(255));
```
**Example**: Set the principal key named `my-principal-key` using the `file` as a key provider.
```sql
SELECT pg_tde_set_database_principal_key('my-principal-key','file');
SELECT pg_tde_set_principal_key('my-principal-key','file');
```

7. You are all set to create encrypted tables. For that, specify `USING pg_tde_basic` access method in the `CREATE TABLE` statement.
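Review bot: the three signatures in this hunk are inconsistent in form: the Vault-V2 block has no leading keyword, while `FUNCTION pg_tde_add_key_provider_file(` and `FUNCTION pg_tde_set_principal_key (` do; pick one style (and drop the stray space before the parenthesis in the latter). Since `vault_token TEXT` is a secret passed as a literal, the README should carry the same pointer that documentation/docs/setup.md gets in this commit, namely that provider configuration is stored unencrypted in the catalog and that external-parameters.md describes how to avoid storing the token itself. Finally, the unchanged context line 'The `File` provided is intended for development' should read 'provider'.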
16 changes: 8 additions & 8 deletions documentation/docs/functions.md
@@ -33,43 +33,43 @@ where:

All parameters can be either strings, or JSON objects [referencing remote parameters](external-parameters.md).

## pg_tde_set_database_key
## pg_tde_set_principal_key

Sets the principal key for the database using the specified key provider.

The principal key name is also used for constructing the name in the provider, for example on the remote Vault server.

You can use this function only to a principal key. For changes in the principal key, use the [`pg_tde_rotate_database_key`](#pg_tde_rotate_database_key) function.
You can use this function only to a principal key. For changes in the principal key, use the [`pg_tde_rotate_principal_key`](#pg_tde_rotate_principal_key) function.

```sql
SELECT pg_tde_set_database_key('name-of-the-principal-key', 'provider-name');
SELECT pg_tde_set_principal_key('name-of-the-principal-key', 'provider-name');
```

## pg_tde_rotate_database_key
## pg_tde_rotate_principal_key

Creates a new version of the specified principal key and updates the database so that it uses the new principal key version.

When used without any parameters, the function will just create a new version of the current database
principal key, using the same provider:

```sql
SELECT pg_tde_rotate_database_key();
SELECT pg_tde_rotate_principal_key();
```

Alternatively, you can pass two parameters to the function, specifying both a new key name and a new provider name:

```sql
SELECT pg_tde_rotate_database_key('name-of-the-new-principal-key', 'name-of-the-new-provider');
SELECT pg_tde_rotate_principal_key('name-of-the-new-principal-key', 'name-of-the-new-provider');
```

Both parameters support the `NULL` value, which means that the parameter won't be changed:

```sql
-- creates new principal key on the same provider as before
SELECT pg_tde_rotate_database_key('name-of-the-new-principal-key', NULL);
SELECT pg_tde_rotate_principal_key('name-of-the-new-principal-key', NULL);

-- copies the current principal key to a new provider
SELECT pg_tde_rotate_database_key(NULL, 'name-of-the-new-provider');
SELECT pg_tde_rotate_principal_key(NULL, 'name-of-the-new-provider');
```

## pg_tde_is_encrypted
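Review bot: the renamed sentence 'You can use this function only to a principal key.' is missing its verb; since the line is already being rewritten for the rename, make it 'You can use this function only to set a principal key; to change it, use pg_tde_rotate_principal_key'. Also, the rotate section describes the function as creating a new version of the principal key, but the comment on `SELECT pg_tde_rotate_principal_key(NULL, 'name-of-the-new-provider');` says it 'copies the current principal key to a new provider'; state explicitly whether the existing key material is copied to the new provider or a fresh version is generated there, because the two have different consequences for what the old provider can still decrypt.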
2 changes: 1 addition & 1 deletion documentation/docs/setup.md
@@ -66,7 +66,7 @@ Load the `pg_tde` at the start time. The extension requires additional shared me
5. Add a principal key

```sql
SELECT pg_tde_set_database_key('name-of-the-principal-key', 'provider-name');
SELECT pg_tde_set_principal_key('name-of-the-principal-key', 'provider-name');
```

<i info>:material-information: Info:</i> The key provider configuration is stored in the database catalog in an unencrypted table. See [how to use external reference to parameters](external-parameters.md) to add an extra security layer to your setup.
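Review bot: step 5 is titled 'Add a principal key' but calls pg_tde_set_principal_key, and functions.md in this commit distinguishes setting the initial key from rotating it; renaming the step to 'Set the principal key' keeps the docs consistent with the function name and with the README's step 6 wording.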
6 changes: 3 additions & 3 deletions documentation/docs/test.md
@@ -27,9 +27,9 @@ To check if the data is encrypted, do the following:
3. Rotate the principal key when needed:

```sql
SELECT pg_tde_rotate_database_key(); -- uses automatic key versionin
SELECT pg_tde_rotate_principal_key(); -- uses automatic key versionin
-- or
SELECT pg_tde_rotate_database_key('new-principal-key', NULL); -- specify new key name
SELECT pg_tde_rotate_principal_key('new-principal-key', NULL); -- specify new key name
-- or
SELECT pg_tde_rotate_database_key('new-principal-key', 'new-provider'); -- change provider
SELECT pg_tde_rotate_principal_key('new-principal-key', 'new-provider'); -- change provider
```
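Review bot: the first rotated line still carries the typo 'versionin' in its comment (`SELECT pg_tde_rotate_principal_key(); -- uses automatic key versionin`); fix it to 'versioning' while the line is being touched.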
14 changes: 7 additions & 7 deletions expected/change_access_method.out
@@ -1,13 +1,13 @@
CREATE EXTENSION pg_tde;
SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_database_key_provider_file
---------------------------------------
1
SELECT pg_tde_add_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_key_provider_file
------------------------------
1
(1 row)

SELECT pg_tde_set_database_principal_key('test-db-principal-key','file-vault');
pg_tde_set_database_principal_key
-----------------------------------
SELECT pg_tde_set_principal_key('test-db-principal-key','file-vault');
pg_tde_set_principal_key
--------------------------
t
(1 row)

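Review bot: this same preamble (CREATE EXTENSION, pg_tde_add_key_provider_file, pg_tde_set_principal_key and their expected output) is repeated verbatim in every expected/*.out file in this diff, which is why a plain rename touches so many files; a shared setup SQL script included by the regression tests, or a setup test that pg_regress runs first, would make the next API change a one-file edit and reduce the chance that one fixture is missed.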
14 changes: 7 additions & 7 deletions expected/insert_update_delete.out
@@ -1,13 +1,13 @@
CREATE EXTENSION pg_tde;
SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_database_key_provider_file
---------------------------------------
1
SELECT pg_tde_add_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_key_provider_file
------------------------------
1
(1 row)

SELECT pg_tde_set_database_principal_key('test-db-principal-key','file-vault');
pg_tde_set_database_principal_key
-----------------------------------
SELECT pg_tde_set_principal_key('test-db-principal-key','file-vault');
pg_tde_set_principal_key
--------------------------
t
(1 row)

30 changes: 15 additions & 15 deletions expected/keyprovider_dependency.out
@@ -1,25 +1,25 @@
CREATE EXTENSION pg_tde;
SELECT pg_tde_add_database_key_provider_file('mk-file','/tmp/pg_tde_test_keyring.per');
pg_tde_add_database_key_provider_file
---------------------------------------
1
SELECT pg_tde_add_key_provider_file('mk-file','/tmp/pg_tde_test_keyring.per');
pg_tde_add_key_provider_file
------------------------------
1
(1 row)

SELECT pg_tde_add_database_key_provider_file('free-file','/tmp/pg_tde_test_keyring_2.per');
pg_tde_add_database_key_provider_file
---------------------------------------
2
SELECT pg_tde_add_key_provider_file('free-file','/tmp/pg_tde_test_keyring_2.per');
pg_tde_add_key_provider_file
------------------------------
2
(1 row)

SELECT pg_tde_add_database_key_provider_vault_v2('V2-vault','vault-token','percona.com/vault-v2/percona','/mount/dev','ca-cert-auth');
pg_tde_add_database_key_provider_vault_v2
-------------------------------------------
3
SELECT pg_tde_add_key_provider_vault_v2('V2-vault','vault-token','percona.com/vault-v2/percona','/mount/dev','ca-cert-auth');
pg_tde_add_key_provider_vault_v2
----------------------------------
3
(1 row)

SELECT pg_tde_set_database_principal_key('test-db-principal-key','mk-file');
pg_tde_set_database_principal_key
-----------------------------------
SELECT pg_tde_set_principal_key('test-db-principal-key','mk-file');
pg_tde_set_principal_key
--------------------------
t
(1 row)

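Review bot: the expected output shows pg_tde_add_key_provider_vault_v2 returning 3 for a placeholder token and a URL without a scheme ('percona.com/vault-v2/percona'), so registering a provider evidently performs no validation of the endpoint or token, and a misconfiguration would only surface later at pg_tde_set_principal_key; that is acceptable for a dependency test, but functions.md should say so. The fixture should also keep an obviously fake token, as it does here with 'vault-token', so that nothing resembling a real credential ever lands in an expected-output file.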
14 changes: 7 additions & 7 deletions expected/move_large_tuples.out
@@ -1,14 +1,14 @@
-- test pg_tde_move_encrypted_data()
CREATE EXTENSION pg_tde;
SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_database_key_provider_file
---------------------------------------
1
SELECT pg_tde_add_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_key_provider_file
------------------------------
1
(1 row)

SELECT pg_tde_set_database_principal_key('test-db-principal-key','file-vault');
pg_tde_set_database_principal_key
-----------------------------------
SELECT pg_tde_set_principal_key('test-db-principal-key','file-vault');
pg_tde_set_principal_key
--------------------------
t
(1 row)

14 changes: 7 additions & 7 deletions expected/multi_insert.out
@@ -1,15 +1,15 @@
-- trigger multi_insert path
--
CREATE EXTENSION pg_tde;
SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_database_key_provider_file
---------------------------------------
1
SELECT pg_tde_add_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_key_provider_file
------------------------------
1
(1 row)

SELECT pg_tde_set_database_principal_key('test-db-principal-key','file-vault');
pg_tde_set_database_principal_key
-----------------------------------
SELECT pg_tde_set_principal_key('test-db-principal-key','file-vault');
pg_tde_set_principal_key
--------------------------
t
(1 row)

14 changes: 7 additions & 7 deletions expected/non_sorted_off_compact.out
@@ -1,15 +1,15 @@
-- A test case for https://github.com/Percona-Lab/pg_tde/pull/21
--
CREATE EXTENSION pg_tde;
SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_database_key_provider_file
---------------------------------------
1
SELECT pg_tde_add_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_key_provider_file
------------------------------
1
(1 row)

SELECT pg_tde_set_database_principal_key('test-db-principal-key','file-vault');
pg_tde_set_database_principal_key
-----------------------------------
SELECT pg_tde_set_principal_key('test-db-principal-key','file-vault');
pg_tde_set_principal_key
--------------------------
t
(1 row)

18 changes: 9 additions & 9 deletions expected/pg_tde_is_encrypted.out
@@ -1,16 +1,16 @@
CREATE EXTENSION pg_tde;
SELECT * FROM pg_tde_database_principal_key_info();
SELECT * FROM pg_tde_principal_key_info();
ERROR: Principal key does not exists for the database
HINT: Use set_principal_key interface to set the principal key
SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_database_key_provider_file
---------------------------------------
1
SELECT pg_tde_add_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_key_provider_file
------------------------------
1
(1 row)

SELECT pg_tde_set_database_principal_key('test-db-principal-key','file-vault');
pg_tde_set_database_principal_key
-----------------------------------
SELECT pg_tde_set_principal_key('test-db-principal-key','file-vault');
pg_tde_set_principal_key
--------------------------
t
(1 row)

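Review bot: the HINT in the unchanged context line reads 'Use set_principal_key interface to set the principal key', which after this rename no longer matches the documented function name pg_tde_set_principal_key (the same HINT appears in expected/test_issue_153_fix.out). The message text presumably lives in the extension's C source rather than in these fixtures, so either update it in the same commit and regenerate both .out files, or record a follow-up, since a user who copies the hint verbatim will be told the function does not exist.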
@@ -49,7 +49,7 @@ SELECT pg_tde_is_encrypted('test_norm');
(1 row)

SELECT key_provider_id, key_provider_name, principal_key_name
FROM pg_tde_database_principal_key_info();
FROM pg_tde_principal_key_info();
key_provider_id | key_provider_name | principal_key_name
-----------------+-------------------+-----------------------
1 | file-vault | test-db-principal-key
16 changes: 8 additions & 8 deletions expected/test_issue_153_fix.out
@@ -1,17 +1,17 @@
CREATE EXTENSION pg_tde;
SET datestyle TO 'iso, dmy';
SELECT * FROM pg_tde_database_principal_key_info();
SELECT * FROM pg_tde_principal_key_info();
ERROR: Principal key does not exists for the database
HINT: Use set_principal_key interface to set the principal key
SELECT pg_tde_add_database_key_provider_file('file-ring','/tmp/pg_tde_test_keyring.per');
pg_tde_add_database_key_provider_file
---------------------------------------
1
SELECT pg_tde_add_key_provider_file('file-ring','/tmp/pg_tde_test_keyring.per');
pg_tde_add_key_provider_file
------------------------------
1
(1 row)

SELECT pg_tde_set_database_principal_key('test-db-principal-key','file-ring');
pg_tde_set_database_principal_key
-----------------------------------
SELECT pg_tde_set_principal_key('test-db-principal-key','file-ring');
pg_tde_set_principal_key
--------------------------
t
(1 row)

14 changes: 7 additions & 7 deletions expected/toast_decrypt.out
@@ -1,13 +1,13 @@
CREATE EXTENSION pg_tde;
SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_database_key_provider_file
---------------------------------------
1
SELECT pg_tde_add_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_key_provider_file
------------------------------
1
(1 row)

SELECT pg_tde_set_database_principal_key('test-db-principal-key','file-vault');
pg_tde_set_database_principal_key
-----------------------------------
SELECT pg_tde_set_principal_key('test-db-principal-key','file-vault');
pg_tde_set_principal_key
--------------------------
t
(1 row)

14 changes: 7 additions & 7 deletions expected/toast_extended_storage.out
@@ -1,14 +1,14 @@
-- test https://github.com/Percona-Lab/pg_tde/issues/63
CREATE EXTENSION pg_tde;
SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_database_key_provider_file
---------------------------------------
1
SELECT pg_tde_add_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');
pg_tde_add_key_provider_file
------------------------------
1
(1 row)

SELECT pg_tde_set_database_principal_key('test-db-principal-key','file-vault');
pg_tde_set_database_principal_key
-----------------------------------
SELECT pg_tde_set_principal_key('test-db-principal-key','file-vault');
pg_tde_set_principal_key
--------------------------
t
(1 row)
