Removed code highlighting for better display in dark mode #359

Merged
merged 2 commits into from
Nov 28, 2024
10 changes: 5 additions & 5 deletions documentation/docs/decrypt.md
Expand Up @@ -4,13 +4,13 @@

If you encrypted a table with the `tde_heap` or `tde_heap_basic` access method and need to decrypt it, run the following command against the desired table (`mytable` in the example below):

```sql
```
ALTER TABLE mytable SET access method heap;
```

Check that the table is not encrypted:

```sql
```
SELECT pg_tde_is_encrypted('mytable');
```

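Review bot: Dropping the `sql` info string on both fences in this hunk (and on every SQL block in the patch) removes the language tag for every renderer and theme, not only the dark one, and it is inconsistent with setup.md, where the shell fences keep a language through `{.bash data-prompt="$"}`. If the problem is contrast in dark mode, consider fixing the highlight colours in the theme stylesheet and keeping the `sql` tag, so the blocks stay machine-identifiable as SQL.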
Expand All @@ -20,7 +20,7 @@ The output returns `f` meaning that the table is no longer encrypted.

In the same way you can re-encrypt the data with the `tde_heap_basic` access method.

```sql
```
ALTER TABLE mytable SET access method tde_heap_basic;
```

Expand All @@ -30,7 +30,7 @@ The output returns `f` meaning that the table is no longer encrypted.

Alternatively, you can create a new unencrypted table with the same structure and data as the initial table. For example, the original encrypted table is `EncryptedCustomers`. Use the following command to create a new table `Customers`:

```sql
```
CREATE TABLE Customers AS
SELECT * FROM EncryptedCustomers;
```
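Review bot: The `CREATE TABLE Customers AS` example has no `USING heap` clause, so the new table takes whatever `default_table_access_method` is set to; on a server where that default is `tde_heap`, the copy described as unencrypted would still be encrypted. Suggest `CREATE TABLE Customers USING heap AS SELECT * FROM EncryptedCustomers;` and a follow-up `pg_tde_is_encrypted` check as in the first section. Since `CREATE TABLE ... AS` copies columns and rows but not indexes, constraints or defaults, the following sentence ("inherits the structure and the data") should be narrowed as well.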
Expand All @@ -39,6 +39,6 @@ The new table `Customers` inherits the structure and the data from `EncryptedCus

(Optional) If you no longer need the `EncryptedCustomers` table, you can delete it.

```sql
```
DROP TABLE EncryptedCustomers;
```
4 changes: 2 additions & 2 deletions documentation/docs/external-parameters.md
Expand Up @@ -14,7 +14,7 @@ readable to the postgres process.
To use the file provider with a file location specified by the `remote` method,
use the following command:

```sql
```
SELECT pg_tde_add_key_provider_file(
'file-provider',
json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8888/hello' )
Expand All @@ -23,7 +23,7 @@ SELECT pg_tde_add_key_provider_file(

Or to use the `file` method, use the following command:

```sql
```
SELECT pg_tde_add_key_provider_file(
'file-provider',
json_object( 'type' VALUE 'remote', 'path' VALUE '/tmp/datafile-location' )
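Review bot: The example under "Or to use the `file` method" still passes `'type' VALUE 'remote'` together with a `path` key, which contradicts the sentence above it and the `remote`/`url` pairing in the previous block; it presumably should read `'type' VALUE 'file'`. Worth fixing while this block is being touched. Separately, `/tmp/datafile-location` places the parameter file in a world-writable directory; a path owned by the postgres user would be a safer example for something that decides where the keyring lives.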
14 changes: 7 additions & 7 deletions documentation/docs/functions.md
Expand Up @@ -8,7 +8,7 @@ Creates a new key provider for the database using a local file.

This function is intended for development, and stores the keys unencrypted in the specified data file.

```sql
```
SELECT pg_tde_add_key_provider_file('provider-name','/path/to/the/keyring/data.file');
```

Expand All @@ -20,7 +20,7 @@ Creates a new key provider for the database using a remote HashiCorp Vault serve

The specified access parameters require permission to read and write keys at the location.

```sql
```
SELECT pg_tde_add_key_provider_vault_v2('provider-name',:'secret_token','url','mount','ca_path');
```

Expand All @@ -41,7 +41,7 @@ The principal key name is also used for constructing the name in the provider, f

You can use this function only to a principal key. For changes in the principal key, use the [`pg_tde_rotate_principal_key`](#pg_tde_rotate_principal_key) function.

```sql
```
SELECT pg_tde_set_principal_key('name-of-the-principal-key', 'provider-name');
```

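Review bot: The context sentence "You can use this function only to a principal key." above the changed fence is missing a verb, so the reader cannot tell which operation the function is limited to. Since the next sentence sends changes to `pg_tde_rotate_principal_key`, please reword it to name the operation that is meant.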
Expand All @@ -52,19 +52,19 @@ Creates a new version of the specified principal key and updates the database so
When used without any parameters, the function will just create a new version of the current database
principal key, using the same provider:

```sql
```
SELECT pg_tde_rotate_principal_key();
```

Alternatively, you can pass two parameters to the function, specifying both a new key name and a new provider name:

```sql
```
SELECT pg_tde_rotate_principal_key('name-of-the-new-principal-key', 'name-of-the-new-provider');
```

Both parameters support the `NULL` value, which means that the parameter won't be changed:

```sql
```
-- creates new principal key on the same provider as before
SELECT pg_tde_rotate_principal_key('name-of-the-new-principal-key', NULL);

Expand All @@ -76,7 +76,7 @@ SELECT pg_tde_rotate_principal_key(NULL, 'name-of-the-new-provider');

Tells if a table is using the `pg_tde` access method or not.

```sql
```
SELECT pg_tde_is_encrypted('table_name');
```

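Review bot: "Tells if a table is using the `pg_tde` access method or not" names an access method that the rest of the docs do not use; decrypt.md and test.md in this patch call them `tde_heap` and `tde_heap_basic`. Suggest naming those here so readers do not go looking for a `pg_tde` access method.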
38 changes: 19 additions & 19 deletions documentation/docs/setup.md
Expand Up @@ -6,27 +6,27 @@ Load the `pg_tde` at the start time. The extension requires additional shared me

1. Use the [ALTER SYSTEM](https://www.postgresql.org/docs/current/sql-altersystem.html) command from `psql` terminal to modify the `shared_preload_libraries` parameter.

```sql
```
ALTER SYSTEM SET shared_preload_libraries = 'pg_tde';
```

2. Start or restart the `postgresql` instance to apply the changes.

* On Debian and Ubuntu:

```sh
sudo systemctl restart postgresql.service
```{.bash data-prompt="$"}
$ sudo systemctl restart postgresql.service
```

* On RHEL and derivatives

```sh
sudo systemctl restart postgresql-17
```{.bash data-prompt="$"}
$ sudo systemctl restart postgresql-17
```

3. Create the extension using the [CREATE EXTENSION](https://www.postgresql.org/docs/current/sql-createextension.html) command. You must have the privileges of a superuser or a database owner to use this command. Connect to `psql` as a superuser for a database and run the following command:

```sql
```
CREATE EXTENSION pg_tde;
```

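Review bot: The two restart blocks in step 2 move from `sh` fences to `{.bash data-prompt="$"}` and gain a literal `$ ` in front of the command, which goes the opposite way from the rest of the patch (language tags removed) and differs from uninstall.md, where the same commands stay in plain `sh` fences without a prompt. Pick one convention for shell blocks across the docs, and check in the rendered page that the literal `$` is not included when a reader copies the command.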
Expand All @@ -46,7 +46,7 @@ Load the `pg_tde` at the start time. The extension requires additional shared me

=== "With HashiCorp Vault"

```sql
```
SELECT pg_tde_add_key_provider_vault_v2('provider-name',:'secret_token','url','mount','ca_path');
```

Expand All @@ -62,26 +62,26 @@ Load the `pg_tde` at the start time. The extension requires additional shared me

This setup is intended for development and stores the keys unencrypted in the specified data file.

```sql
```
SELECT pg_tde_add_key_provider_file('provider-name','/path/to/the/keyring/data.file');
```

<i warning>:material-information: Warning:</i> Example for testing purposes only:

```sql
```
SELECT pg_tde_add_key_provider_file('file-vault','/tmp/pg_tde_test_local_keyring.per');
```


2. Add a principal key

```sql
```
SELECT pg_tde_set_principal_key('name-of-the-principal-key', 'provider-name');
```

<i warning>:material-information: Warning:</i> Example for testing purposes only:

```sql
```
SELECT pg_tde_set_principal_key('test-db-master-key','file-vault');
```

Expand All @@ -94,22 +94,22 @@ After you [enabled `pg_tde`](#enable-extension) and started the Percona Server f

1. Enable WAL level encryption using the `ALTER SYSTEM SET` command. You need the privileges of the superuser to run this command:

```sql
```
ALTER SYSTEM set pg_tde.wal_encrypt = on;
```

2. Restart the server to apply the changes.

* On Debian and Ubuntu:

```sh
sudo systemctl restart postgresql.service
```{.bash data-prompt="$"}
$ sudo systemctl restart postgresql.service
```

* On RHEL and derivatives

```sh
sudo systemctl restart postgresql-17
```{.bash data-prompt="$"}
$ sudo systemctl restart postgresql-17
```

3. We highly recommend you to create your own keyring and rotate the principal key. This is because the default principal key is created from the local keyfile and is stored unencrypted.
Expand All @@ -118,7 +118,7 @@ After you [enabled `pg_tde`](#enable-extension) and started the Percona Server f

=== "With HashiCorp Vault"

```sql
```
SELECT pg_tde_add_key_provider_vault_v2('PG_TDE_GLOBAL','provider-name',:'secret_token','url','mount','ca_path');
```

Expand All @@ -136,13 +136,13 @@ After you [enabled `pg_tde`](#enable-extension) and started the Percona Server f

This setup is intended for development and stores the keys unencrypted in the specified data file.

```sql
```
SELECT pg_tde_add_key_provider_file('provider-name','/path/to/the/keyring/data.file');
```

4. Rotate the principal key. Don't forget to specify the `PG_TDE_GLOBAL` constant to rotate only the principal key for WAL.

```sql
```
SELECT pg_tde_rotate_principal_key('PG_TDE_GLOBAL', 'new-principal-key', 'provider-name');
```

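Review bot: In step 3 the Vault tab (previous hunk) registers the provider with `'PG_TDE_GLOBAL'` as the first argument, but the keyring-file example here, `pg_tde_add_key_provider_file('provider-name','/path/to/the/keyring/data.file')`, omits it, while step 4 rotates with `'PG_TDE_GLOBAL'` and `'provider-name'`. If the file provider also has to be registered in the global scope for WAL encryption, the example should show that; otherwise the text should say why the two tabs differ.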
10 changes: 5 additions & 5 deletions documentation/docs/test.md
Expand Up @@ -12,13 +12,13 @@ To check if the data is encrypted, do the following:

1. Create a table in the database for which you have [enabled `pg_tde`](setup.md). Enabling `pg_tde` extension creates the table access method `tde_heap`. To enable data encryption, create the table using this access method as follows:

```sql
```
CREATE TABLE <table_name> (<field> <datatype>) USING tde_heap;
```

<i warning>:material-information: Warning:</i> Example for testing purposes only:

```sql
```
CREATE TABLE albums (
album_id INTEGER GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
artist_id INTEGER,
Expand All @@ -29,15 +29,15 @@ To check if the data is encrypted, do the following:

2. Run the following function:

```sql
```
SELECT pg_tde_is_encrypted('table_name');
```

The function returns `t` if the table is encrypted and `f` - if not.

3. Rotate the principal key when needed:

```sql
```
SELECT pg_tde_rotate_principal_key(); -- uses automatic key versionin
-- or
SELECT pg_tde_rotate_principal_key('new-principal-key', NULL); -- specify new key name
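Review bot: The comment on the first line of the rotate example ends in `versionin`; it should read `versioning`. In step 2 of the same hunk, "returns `t` if the table is encrypted and `f` - if not" carries a stray dash that can go at the same time.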
Expand All @@ -47,7 +47,7 @@ To check if the data is encrypted, do the following:

4. You can encrypt existing table. It requires rewriting the table, so for large tables, it might take a considerable amount of time.

```sql
```
ALTER TABLE table_name SET access method tde_heap;
```

8 changes: 4 additions & 4 deletions documentation/docs/uninstall.md
Expand Up @@ -8,24 +8,24 @@ Here's how to do it:

<i warning>:material-alert: Warning:</i> The use of the CASCADE parameter deletes all tables that were created in the database with `pg_tde` enabled and also all dependencies upon the encrypted table (e.g. foreign keys in a non-encrypted table used in the encrypted one).

```sql
```
DROP EXTENSION pg_tde CASCADE
```

2. Run the `DROP EXTENSION` command against every database where you have enabled the `pg_tde` extension

3. Modify the `shared_preload_libraries` and remove the 'pg_tde' from it. Use the `ALTER SYSTEM SET` command for this purpose

4. Start or restart the `postgresql` instance to apply the changes.
4. Start or restart the `postgre` instance to apply the changes.

* On Debian and Ubuntu:

```sh
sudo systemctl restart postgresql.service
sudo systemctl restart postgre.service
```

* On RHEL and derivatives

```sh
sudo systemctl restart postgresql-17
sudo systemctl restart postgre-17
```
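Review bot: Step 4 and both restart commands appear here with `postgre` in place of `postgresql` (`postgre` instance, `postgre.service`, `postgre-17`), which does not match the unit names `postgresql.service` and `postgresql-17` used in setup.md in this same patch and has nothing to do with the highlighting change. A reader copying `sudo systemctl restart postgre.service` will most likely get a unit-not-found error, so please keep `postgresql` in all three places. Also, `DROP EXTENSION pg_tde CASCADE` in step 1 lacks its terminating semicolon.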