WAL keyring improvements #238
Conversation
README.md
Outdated
| @@ -65,15 +65,15 @@ FUNCTION pg_tde_add_key_provider_file( | |||
| SELECT pg_tde_add_key_provider_file('file','/tmp/pgkeyring'); | |||
| ``` | |||
| **Note: The `File` provided is intended for development and stores the keys unencrypted in the specified data file.** | |||
| 6. Set the principal key for the database using the `pg_tde_set_principal_key` function. | |||
| 6. Set the principal key for the database using the `pg_tde_set_database_key` function. | |||
There was a problem hiding this comment.
Now actually looking at this change, I don't think this is a good idea. We just agreed to name "master key" to "principal key" in the beta, and then we would rename all public occurrences again to "database key". Documentation / internal code would still say principal key, but the functions that actually deal with the keys would all be using the database key name.
There was a problem hiding this comment.
Yeah, I had the same thoughts tbh. Should we have pg_tde_set_principal_db_key/ pg_tde_set_principal_global_space_key etc. instead?
The renaming is a one part and the other is creating respective functions for global spaces. But then something like pg_tde_set_principal_global_space_key becomes ridiculously long. Having just ...principal_global_key (w/o space) looks a bit confusing. And I'm starting to consider having pg_tde_set_principal_key() with the enum option DATABASE, GLOBAL_SPACE. But I'm not sure.
There was a problem hiding this comment.
On another note, not related to this commit, but it might be a right time to do something about that:
Looking at pg_tde--1.0.sql we have inconsistency with the functions naming there. Most time they are prefixed with pg_tde_ but there are pg_tdeam_handler, pg_td2eam_handler, and pgtde_is_encrypted which don't follow that convention
dAdAbird
force-pushed
the
xlog_keyring
branch
4 times, most recently
from
672d012 to
be3c77f
Compare
documentation/docs/functions.md
Outdated
| @@ -33,43 +33,43 @@ where: | |||
|
|
|||
| All parameters can be either strings, or JSON objects [referencing remote parameters](external-parameters.md). | |||
|
|
|||
| ## pg_tde_set_principal_key | |||
| ## pg_tde_set_database_key | |||
documentation/docs/functions.md
Outdated
|
|
||
| ```sql | ||
| SELECT pg_tde_set_principal_key('name-of-the-principal-key', 'provider-name'); | ||
| SELECT pg_tde_set_database_key('name-of-the-principal-key', 'provider-name'); |
src/catalog/tde_principal_key.c
Outdated
| ensure_new_key = PG_GETARG_BOOL(2); | ||
|
|
||
|
|
||
| ereport(LOG, (errmsg("Rotating principal key to [%s : %s] for the database", new_principal_key_name, new_provider_name))); |
There was a problem hiding this comment.
for the cluster, or maybe explicitly mention global key?
src/catalog/tde_keyring.c
Outdated
| @@ -499,7 +511,23 @@ get_keyring_infofile_path(char* resPath, Oid dbOid, Oid spcOid) | |||
| } | |||
|
|
|||
| Datum | |||
| pg_tde_add_key_provider_internal(PG_FUNCTION_ARGS) | |||
| pg_tde_add_database_key_provider_internal(PG_FUNCTION_ARGS) | |||
There was a problem hiding this comment.
We could avoid all this code duplication with a simple helper function, only 1 line is different in the two variants.
dAdAbird
force-pushed
the
xlog_keyring
branch
2 times, most recently
from
68189fe to
a5378e8
Compare
src/catalog/tde_keyring.c
Outdated
| Oid dbOid = MyDatabaseId; | ||
| Oid spcOid = MyDatabaseTableSpace; | ||
|
|
||
| #ifdef PERCONA_FORK |
There was a problem hiding this comment.
Do we really need this ifdef here?
There was a problem hiding this comment.
Yep, you're right, we can get rid of it: cf02b52
|
|
||
| #ifdef PERCONA_FORK |
There was a problem hiding this comment.
Same question, do we need this ifdef?
... to make room for global tablespace's ones. Also chage signature of the key rotation func
- Move internal keys to the own cache (separate from db's one) - Drop the support of multiple principal keys for the global space
- Rename database key rotation functions to make room for the global space ones. - Now, during the first start, we would create a default temporary key provider for the global space. A user can (and should) create their own key provider afterwards. This allows use the same codepath and internal interfaces for the keyring management across databases and the global space. - Now need to cache the principal key for the global space as we use it only at the server start to decrypt internal key. Then internal key persists in the memory cache. Fixes https://perconadev.atlassian.net/browse/PG-835, https://perconadev.atlassian.net/browse/PG-833
Fixes https://perconadev.atlassian.net/browse/PG-835, https://perconadev.atlassian.net/browse/PG-833