PG-1013 Added build comparison table, moved features from index to comparison #280
Performance test results:
documentation/docs/features.md
Outdated
| Table encryption: <br> - data tables, <br> - TOAST tables <br> - temporary tables created during the database operation.<br><br> Metadata of those tables is not encrypted. | Table encryption: <br> - data tables, <br> - TOAST tables <br> - temporary tables created during the database operation.<br> - Index data for encrypted tables<br><br> Metadata of those tables is not encrypted. | | ||
| Write-Ahead Log (WAL) encryption of data in encrypted tables | Write-Ahead Log (WAL) encryption of data for encrypted and non-encrypted tables | | ||
| Multi-tenancy support| Multi-tenancy support | | ||
| | Global principal key management | |
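Review bot: The bullet items inside the first row's cells are punctuated and capitalized inconsistently: "data tables," ends with a comma, "TOAST tables" has no terminator, "temporary tables created during the database operation." ends with a period, and "Index data for encrypted tables" is capitalized while the other items are lowercase. Pick one style for all items in both cells. In the WAL row the two cells differ only in "of data in encrypted tables" versus "of data for encrypted and non-encrypted tables"; wording them in parallel would make the difference in encryption scope easier to spot. "Multi-tenancy support|" is also missing the space before the pipe that the other cells have.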
I'd skip "Global principal key management" in this table - it's a necessity for the full WAL encryption rather than a feature.
Updated
documentation/docs/features.md
Outdated
|
||
| PostgreSQL Community version | Percona Server for PostgreSQL version <br> | | ||
|----------------------|-------------------------------| | ||
| Table encryption: <br> - data tables, <br> - TOAST tables <br> - temporary tables created during the database operation.<br><br> Metadata of those tables is not encrypted. | Table encryption: <br> - data tables, <br> - TOAST tables <br> - temporary tables created during the database operation.<br> - Index data for encrypted tables<br><br> Metadata of those tables is not encrypted. | |
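Review bot: The second header cell, "Percona Server for PostgreSQL version <br>", carries a trailing `<br>` that the first header cell does not; drop it so both headers render at the same height. The only difference between the two cells of the data row is the "Index data for encrypted tables" item, so the sentence "Metadata of those tables is not encrypted." could be stated once outside the table instead of being repeated in both columns.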
I'd stress somehow "Index data for encrypted tables" (bold text or else) because this is the main reason we started this gig but currently, it's visually concealed among other things in the table
Good point. Updated, moved to the top in the list
* Added event triggers to identify index creation operations on encrypted tables and store those in a custom storage | ||
* Exposed Storage Manager API and added the usage of Initialization vector (IV) in it. | ||
* Added support for secure transfer of keys using the [OASIS Key Management Interoperability Protocol (KMIP)](https://docs.oasis-open.org/kmip/kmip-spec/v2.0/os/kmip-spec-v2.0-os.html). The KMIP implementation was tested with the PyKMIP server and the HashiCorp Vault Enterprise KMIP Secrets Engine. | ||
* Added the `pg_tde_alter_principal_key_keyring('new-provider-name')`function, which copies the principal key to the specified new provider |
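Review bot: On the last added line the closing backtick runs straight into the next word, "`pg_tde_alter_principal_key_keyring('new-provider-name')`function"; add a space before "function". The items also end inconsistently (the Storage Manager and KMIP items end with a period, the event-trigger and function items do not), and "Initialization vector (IV)" should be lowercase "initialization vector (IV)" mid-sentence. In the first item, "a custom storage" does not tell the reader where the index creation records are kept; name the storage or link to its description.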
Technically speaking, this function doesn't copy the key; it just makes it possible to change the key's keyring provider. So the user would have to add a new provider (if it's not in the system yet) and copy the key there "manually" before calling this function...
How to copy the key? I'm about to add this instruction to the release notes item
* Improved memory usage of `tde_heap_basic `during sequential reads | ||
* Improved `tde_heap_basic` for select statements | ||
* Added encryption support for (some) command line utilities | ||
* JSON data is now handled with internal postgres JSON parser instead of jsonc |
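Review bot: In the first line the space sits inside the code span, "`tde_heap_basic `during", so the closing backtick touches the next word; move the space outside the backticks. "Added encryption support for (some) command line utilities" does not say which utilities are covered; list them by name so readers know which tools can read encrypted data. In the last item, write "PostgreSQL" rather than "postgres" to match the rest of the documentation.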
This is the same as "Keyring configuration now uses common JSON API. This simplifies code handling and enables frontend tools like pg_waldump to read the code thus improving debugging."
Removed
…mpaison