diff --git a/documentation/docs/decrypt.md b/documentation/docs/decrypt.md
index f484d7c0..c29ee6c1 100644
--- a/documentation/docs/decrypt.md
+++ b/documentation/docs/decrypt.md
@@ -4,13 +4,13 @@
If you encrypted a table with the `tde_heap` or `tde_heap_basic` access method and need to decrypt it, run the following command against the desired table (`mytable` in the example below):
-```sql
+```
ALTER TABLE mytable SET access method heap;
```
Check that the table is not encrypted:
-```sql
+```
SELECT pg_tde_is_encrypted('mytable');
```
@@ -20,7 +20,7 @@ The output returns `f` meaning that the table is no longer encrypted.
In the same way you can re-encrypt the data with the `tde_heap_basic` access method.
- ```sql
+ ```
ALTER TABLE mytable SET access method tde_heap_basic;
```
@@ -30,7 +30,7 @@ The output returns `f` meaning that the table is no longer encrypted.
Alternatively, you can create a new unencrypted table with the same structure and data as the initial table. For example, the original encrypted table is `EncryptedCustomers`. Use the following command to create a new table `Customers`:
-```sql
+```
CREATE TABLE Customers AS
SELECT * FROM EncryptedCustomers;
```
@@ -39,6 +39,6 @@ The new table `Customers` inherits the structure and the data from `EncryptedCus
(Optional) If you no longer need the `EncryptedCustomers` table, you can delete it.
-```sql
+```
DROP TABLE EncryptedCustomers;
```
\ No newline at end of file
diff --git a/documentation/docs/external-parameters.md b/documentation/docs/external-parameters.md
index 66824e2c..a27e97b0 100644
--- a/documentation/docs/external-parameters.md
+++ b/documentation/docs/external-parameters.md
@@ -14,7 +14,7 @@ readable to the postgres process.
To use the file provider with a file location specified by the `remote` method,
use the following command:
-```sql
+```
SELECT pg_tde_add_key_provider_file(
'file-provider',
json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8888/hello' )
@@ -23,7 +23,7 @@ SELECT pg_tde_add_key_provider_file(
Or to use the `file` method, use the following command:
-```sql
+```
SELECT pg_tde_add_key_provider_file(
'file-provider',
json_object( 'type' VALUE 'remote', 'path' VALUE '/tmp/datafile-location' )
diff --git a/documentation/docs/functions.md b/documentation/docs/functions.md
index 62fba177..2ddd4006 100644
--- a/documentation/docs/functions.md
+++ b/documentation/docs/functions.md
@@ -8,7 +8,7 @@ Creates a new key provider for the database using a local file.
This function is intended for development, and stores the keys unencrypted in the specified data file.
-```sql
+```
SELECT pg_tde_add_key_provider_file('provider-name','/path/to/the/keyring/data.file');
```
@@ -20,7 +20,7 @@ Creates a new key provider for the database using a remote HashiCorp Vault serve
The specified access parameters require permission to read and write keys at the location.
-```sql
+```
SELECT pg_tde_add_key_provider_vault_v2('provider-name',:'secret_token','url','mount','ca_path');
```
@@ -41,7 +41,7 @@ The principal key name is also used for constructing the name in the provider, f
You can use this function only to a principal key. For changes in the principal key, use the [`pg_tde_rotate_principal_key`](#pg_tde_rotate_principal_key) function.
-```sql
+```
SELECT pg_tde_set_principal_key('name-of-the-principal-key', 'provider-name');
```
@@ -52,19 +52,19 @@ Creates a new version of the specified principal key and updates the database so
When used without any parameters, the function will just create a new version of the current database
principal key, using the same provider:
-```sql
+```
SELECT pg_tde_rotate_principal_key();
```
Alternatively, you can pass two parameters to the function, specifying both a new key name and a new provider name:
-```sql
+```
SELECT pg_tde_rotate_principal_key('name-of-the-new-principal-key', 'name-of-the-new-provider');
```
Both parameters support the `NULL` value, which means that the parameter won't be changed:
-```sql
+```
-- creates new principal key on the same provider as before
SELECT pg_tde_rotate_principal_key('name-of-the-new-principal-key', NULL);
@@ -76,7 +76,7 @@ SELECT pg_tde_rotate_principal_key(NULL, 'name-of-the-new-provider');
Tells if a table is using the `pg_tde` access method or not.
-```sql
+```
SELECT pg_tde_is_encrypted('table_name');
```
diff --git a/documentation/docs/setup.md b/documentation/docs/setup.md
index 1904b509..bd4ce103 100644
--- a/documentation/docs/setup.md
+++ b/documentation/docs/setup.md
@@ -6,7 +6,7 @@ Load the `pg_tde` at the start time. The extension requires additional shared me
1. Use the [ALTER SYSTEM](https://www.postgresql.org/docs/current/sql-altersystem.html) command from `psql` terminal to modify the `shared_preload_libraries` parameter.
- ```sql
+ ```
ALTER SYSTEM SET shared_preload_libraries = 'pg_tde';
```
@@ -14,19 +14,19 @@ Load the `pg_tde` at the start time. The extension requires additional shared me
* On Debian and Ubuntu:
- ```sh
- sudo systemctl restart postgresql.service
+ ```{.bash data-prompt="$"}
+ $ sudo systemctl restart postgresql.service
```
* On RHEL and derivatives
- ```sh
- sudo systemctl restart postgresql-17
+ ```{.bash data-prompt="$"}
+ $ sudo systemctl restart postgresql-17
```
3. Create the extension using the [CREATE EXTENSION](https://www.postgresql.org/docs/current/sql-createextension.html) command. You must have the privileges of a superuser or a database owner to use this command. Connect to `psql` as a superuser for a database and run the following command:
- ```sql
+ ```
CREATE EXTENSION pg_tde;
```
@@ -46,7 +46,7 @@ Load the `pg_tde` at the start time. The extension requires additional shared me
=== "With HashiCorp Vault"
- ```sql
+ ```
SELECT pg_tde_add_key_provider_vault_v2('provider-name',:'secret_token','url','mount','ca_path');
```
@@ -62,26 +62,26 @@ Load the `pg_tde` at the start time. The extension requires additional shared me
This setup is intended for development and stores the keys unencrypted in the specified data file.
- ```sql
+ ```
SELECT pg_tde_add_key_provider_file('provider-name','/path/to/the/keyring/data.file');
```
:material-information: Warning: Example for testing purposes only:
- ```sql
+ ```
SELECT pg_tde_add_key_provider_file('file-vault','/tmp/pg_tde_test_local_keyring.per');
```
2. Add a principal key
- ```sql
+ ```
SELECT pg_tde_set_principal_key('name-of-the-principal-key', 'provider-name');
```
:material-information: Warning: Example for testing purposes only:
- ```sql
+ ```
SELECT pg_tde_set_principal_key('test-db-master-key','file-vault');
```
@@ -98,7 +98,7 @@ Now you need to instruct `pg_tde ` to encrypt WAL files by configuring WAL encry
1. Use the `ALTER SYSTEM SET` command. You need the privileges of the superuser to run this command:
- ```sql
+ ```
ALTER SYSTEM set pg_tde.wal_encrypt = on;
```
@@ -106,14 +106,14 @@ Now you need to instruct `pg_tde ` to encrypt WAL files by configuring WAL encry
* On Debian and Ubuntu:
- ```sh
- sudo systemctl restart postgresql.service
+ ```{.bash data-prompt="$"}
+ $ sudo systemctl restart postgresql.service
```
* On RHEL and derivatives
- ```sh
- sudo systemctl restart postgresql-17
+ ```{.bash data-prompt="$"}
+ $ sudo systemctl restart postgresql-17
```
On the server start
diff --git a/documentation/docs/test.md b/documentation/docs/test.md
index 8ad77891..c0936e90 100644
--- a/documentation/docs/test.md
+++ b/documentation/docs/test.md
@@ -10,13 +10,13 @@ Here's how to do it:
1. Create a table in the database for which you have [enabled `pg_tde`](setup.md) using the `tde_heap` access method as follows:
- ```sql
+ ```
CREATE TABLE ( ) USING tde_heap;
```
:material-information: Warning: Example for testing purposes only:
- ```sql
+ ```
CREATE TABLE albums (
album_id INTEGER GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
artist_id INTEGER,
@@ -29,7 +29,7 @@ Here's how to do it:
2. To check if the data is encrypted, run the following function:
- ```sql
+ ```
SELECT pg_tde_is_encrypted('table_name');
```
@@ -37,7 +37,7 @@ Here's how to do it:
3. Rotate the principal key when needed:
- ```sql
+ ```
SELECT pg_tde_rotate_principal_key(); -- uses automatic key versionin
-- or
SELECT pg_tde_rotate_principal_key('new-principal-key', NULL); -- specify new key name
@@ -47,8 +47,8 @@ Here's how to do it:
4. You can encrypt an existing table. It requires rewriting the table, so for large tables, it might take a considerable amount of time.
- ```sql
- ALTER TABLE table_name SET access method tde_heap;
+ ```
+ ALTER TABLE table_name SET access method tde_heap;
```
!!! hint
diff --git a/documentation/docs/uninstall.md b/documentation/docs/uninstall.md
index 2c196a91..dafe9fd9 100644
--- a/documentation/docs/uninstall.md
+++ b/documentation/docs/uninstall.md
@@ -8,7 +8,7 @@ Here's how to do it:
:material-alert: Warning: The use of the CASCADE parameter deletes all tables that were created in the database with `pg_tde` enabled and also all dependencies upon the encrypted table (e.g. foreign keys in a non-encrypted table used in the encrypted one).
- ```sql
+ ```
DROP EXTENSION pg_tde CASCADE
```
@@ -16,16 +16,16 @@ Here's how to do it:
3. Modify the `shared_preload_libraries` and remove the 'pg_tde' from it. Use the `ALTER SYSTEM SET` command for this purpose
-4. Start or restart the `postgresql` instance to apply the changes.
+4. Start or restart the `postgre` instance to apply the changes.
* On Debian and Ubuntu:
```sh
- sudo systemctl restart postgresql.service
+ sudo systemctl restart postgre.service
```
* On RHEL and derivatives
```sh
- sudo systemctl restart postgresql-17
+ sudo systemctl restart postgre-17
```