PG-1457 Rename principal key on user API level to just a key #154
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…rver_principal_key
jeltz
reviewed
Mar 20, 2025
| @@ -201,12 +201,12 @@ Use these functions to create a new principal key for a specific scope such as a | |||
|
|
|||
| Princial keys are stored on key providers by the name specified in this function - for example, when using the Vault provider, after creating a key named "foo", a key named "foo" will be visible on the Vault server at the specified mount point. | |||
|
|
|||
| ### pg_tde_set_principal_key | |||
| ### | |||
There was a problem hiding this comment.
You accidentally deleted this.
There was a problem hiding this comment.
Yep
BTW this PR is made on top of #126
So it contains a lot of commits from there, please review 126 first
artemgavrilov
changed the base branch from
release-17.4
to
PG-1457-key-management-funcs-renaming
nastena1606
temporarily deployed
to
PG-1457-rename-principal-key - tde-RC PR #154
Render
Destroyed
artemgavrilov
requested review from
nastena1606,
dutow and
dAdAbird
as code owners
nastena1606
reviewed
Mar 20, 2025
| @@ -201,12 +201,12 @@ Use these functions to create a new principal key for a specific scope such as a | |||
|
|
|||
| Princial keys are stored on key providers by the name specified in this function - for example, when using the Vault provider, after creating a key named "foo", a key named "foo" will be visible on the Vault server at the specified mount point. | |||
|
|
|||
| ### pg_tde_set_principal_key_using_database_key_provider | |||
| ### pg_tde_set_key_using_database_key_provider | |||
|
|
|||
| Creates or rotates the principal key for the current database using the specified database key provider and key name. | |||
There was a problem hiding this comment.
Do we keep the notion of a principal key?
There was a problem hiding this comment.
Probably yes. They still principal by meaning, but they are only available to the user.
What do you think @dutow ?
There was a problem hiding this comment.
yes, it is still called principal key, we just simplified the names of the functions.
dAdAbird
approved these changes
Mar 26, 2025
| @@ -85,7 +85,7 @@ TDEXlogCheckSane(void) | |||
| if (key == NULL) | |||
| { | |||
| ereport(ERROR, | |||
| (errmsg("WAL encryption can only be enabled with a properly configured principal key. Disable pg_tde.wal_encrypt and create one using pg_tde_set_server_principal_key_using_global_key_provider() or pg_tde_set_principal_key_using_global_key_provider() before enabling it."))); | |||
| (errmsg("WAL encryption can only be enabled with a properly configured principal key. Disable pg_tde.wal_encrypt and create one using pg_tde_set_server_key_using_global_key_provider() or pg_tde_set_key_using_global_key_provider() before enabling it."))); | |||
There was a problem hiding this comment.
It's not critical but there is an inconsistency - we use parenthesis with function names here but don't use it in pg_tde_map.c and pg_tde_event_capture.c
artemgavrilov
force-pushed
the
PG-1457-key-management-funcs-renaming
branch
from
3b48f45 to
abbcdac
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PG-1457
This PR replaces
principal keywith just akeyon user API level, as it's the only key that user can directly interact with.This PR is made on top of #126