PG-1013 Added build comparison table, moved features from index to comparison, created Beta2 release notes (#280)

* PG-1013 Added build comparison table, moved features from index to comparison
nastena1606 authored Dec 26, 2024
1 parent cddb621 commit d978282
Showing 7 changed files with 71 additions and 16 deletions.
3 changes: 2 additions & 1 deletion documentation/docs/apt.md
Expand Up @@ -11,7 +11,8 @@ This tutorial shows how to install `pg_tde` with [Percona Distribution for Postg
1. Debian and other systems that use the `apt` package manager include the upstream PostgreSQL server package (`postgresql-{{pgversion17}}`) by default. You need to uninstall this package before you install Percona Server for PostgreSQL and `pg_tde` to avoid conflicts.
2. You need the `percona-release` repository management tool that enables the desired Percona repository for you.

## Install `percona-release`

### Install `percona-release`

1. You need the following dependencies to install `percona-release`:

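Review bot: the hunk leaves two headings with identical text, `## Install `percona-release`` and `### Install `percona-release``, back to back; the rendered view does not mark which one is added and which is removed, so confirm that only one survives and that its level matches the neighbouring section headings in apt.md, since the numbered steps under it belong to a single section either way.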
18 changes: 18 additions & 0 deletions documentation/docs/features.md
@@ -0,0 +1,18 @@
# Features

We provide `pg_tde` in two versions for both PostgreSQL Community and [Percona Server for PostgreSQL](https://docs.percona.com/postgresql/17/). The difference between the versions is in the set of included features which in its turn depends on the Storage Manager API. While PostgreSQL Community uses the default Storage Manager API, Percona Server for PostgreSQL extends the Storage Manager API enabling to integrate custom storage managers.

The following table provides features available for each version:

| PostgreSQL Community version | Percona Server for PostgreSQL version <br> |
|----------------------|-------------------------------|
| Table encryption: <br> - data tables, <br> - TOAST tables <br> - temporary tables created during the database operation.<br><br> Metadata of those tables is not encrypted. | Table encryption: <br> - data tables, <br> - **Index data for encrypted tables**, <br> - TOAST tables, <br> - temporary tables created during the database operation.<br><br> Metadata of those tables is not encrypted. |
| Write-Ahead Log (WAL) encryption of data in encrypted tables | **Global** Write-Ahead Log (WAL) encryption: for data in encrypted and non-encrypted tables |
| Multi-tenancy support| Multi-tenancy support |
| Table-level granularity |Table-level granularity |
| Key management via: <br> - HashiCorp Vault; <br> - Local keyfile | Key management via: <br> - HashiCorp Vault; <br> - KMIP server; <br> - Local keyfile|
| | Logical replication of encrypted tables |



[Get started](install.md){.md-button}
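Review bot: the comparison table has a stray `<br>` in the second header cell (`Percona Server for PostgreSQL version <br>`) and a missing space in `|Table-level granularity |`; drop the `<br>` and align the cell spacing. The list punctuation inside the encryption cells is inconsistent (`- data tables,` with a comma, `- TOAST tables` without one in the first column); pick one style for both columns. In the intro, `extends the Storage Manager API enabling to integrate custom storage managers` should read `extends the Storage Manager API so that custom storage managers can be integrated`, and `which in its turn depends` reads better as `which in turn depends`.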
19 changes: 6 additions & 13 deletions documentation/docs/index.md
Expand Up @@ -8,20 +8,21 @@ Lear more [what is Transparent Data Encryption](tde.md#how-does-it-work) and [wh

!!! important

This extension is in the experimental phase and is under active development. It is not meant for production use yet.
This is the {{release}} version of the extension and it is not meant for production use yet. We encourage you to use it in testing environments and [provide your feedback](https://forums.percona.com/c/postgresql/pg-tde-transparent-data-encryption-tde/82).

[What's new ](release-notes/release-notes.md){.md-button}
[Get started](install.md){.md-button}
[What's new in pg_tde {{release}}](release-notes/release-notes.md){.md-button}

## What's encrypted:

`pg_tde` encrypts the following:

* User data in tables, including TOAST tables, that are created using the extension. Metadata of those tables is not encrypted.
* Temporary tables created during the database operation for data tables created using the extension
* Write-Ahead Log (WAL) data for the entire database cluster. This includes WAL data in encrypted and non-encrypted tables
* Indexes on encrypted tables
* Logical replication on encrypted tables

[Check the full feature list](features.md){.md-button}

## Known limitations

* Keys in the local keyfile are stored unencrypted. For better security we recommend using the Key management storage.
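Review bot: the `## What's encrypted:` heading keeps a trailing colon that the sibling heading `## Known limitations` does not have; drop it. With the bullet list moved out to features.md, the section body is reduced to the `[Check the full feature list](features.md)` button, so consider folding that button into the introduction rather than keeping a near-empty section. The context line in the hunk header also still carries the typo `Lear more` (should be `Learn more`), worth fixing while this file is being edited.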
Expand All @@ -41,7 +42,7 @@ The `pg_tde` extension comes in two distinct versions with specific access metho

* **Version for Percona Server for PostgreSQL**

This `pg_tde` version is based on and supported for [Percona Server for PostgreSQL 17.x :octicons-link-external-16:](https://docs.percona.com/postgresql/17/postgresql-server.html) - an open source binary drop-in replacement for PostgreSQL Community. It provides the `tde_heap` access method and offers [full encryption capabilities](#whats-encrypted).
This `pg_tde` version is based on and supported for [Percona Server for PostgreSQL 17.x :octicons-link-external-16:](https://docs.percona.com/postgresql/17/postgresql-server.html) - an open source binary drop-in replacement for PostgreSQL Community. It provides the `tde_heap` access method and offers [full encryption capabilities](features.md).

* **Community version**

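Review bot: the only change here is the link target (`#whats-encrypted` becomes `features.md`), which is right now that the feature list lives in features.md; while touching this line, hyphenate `open-source binary drop-in replacement` and replace the bare ` - ` after the link with a comma, since a spaced dash at that position can be mistaken for a list marker in plain Markdown.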
Expand All @@ -55,11 +56,3 @@ Otherwise, enjoy full encryption with the Percona Server for PostgreSQL version

Still not sure? [Contact our experts](https://www.percona.com/about/contact) to find the best solution for you.

[Get started](install.md){.md-button}

## Future releases

The following is planned for future releases of `pg_tde`:

* KMIP integration for key management
* Global principal key management
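Review bot: this hunk drops the whole `## Future releases` section. Of its two items, KMIP integration is delivered in Beta 2 according to the release notes in this same commit, but `Global principal key management` is not announced there (the notes mention a global WAL key and keyring management across the global space, not principal key management). Either confirm it shipped and list it in the Beta 2 notes, or keep it as a roadmap item rather than removing it silently.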
41 changes: 41 additions & 0 deletions documentation/docs/release-notes/release-notes.md
Expand Up @@ -4,6 +4,47 @@

[Get started](../install.md){.md-button}

## Beta 2 (2024-12-16)

With this release, `pg_tde` extension offers two database specific versions:

* PostgreSQL Community version provides only the `tde_heap_basic` access method using which you can introduce table encryption and WAL encryption for data in the encrypted tables. Index data remains unencrypted.
* Version for Percona Server for PostgreSQL provides the `tde_heap`access method. using this method you can encrypt index data in encrypted tables thus increasing the safety of your sensitive data. For backward compatibility, the `tde_heap_basic` method is available in this version too.

The Beta 2 version introduces the following features and improvements:

### New Features

* Added the `tde_heap` access method with which you can now enable index encryption for encrypted tables and global WAL data encryption. To use this access method, you must install Percona Server for PostgreSQL. Check the [installation guide](../install.md)
* Added event triggers to identify index creation operations on encrypted tables and store those in a custom storage.
* Added support for secure transfer of keys using the [OASIS Key Management Interoperability Protocol (KMIP)](https://docs.oasis-open.org/kmip/kmip-spec/v2.0/os/kmip-spec-v2.0-os.html). The KMIP implementation was tested with the PyKMIP server and the HashiCorp Vault Enterprise KMIP Secrets Engine.


### Improvements

* WAL encryption improvements:

* Added a global key to encrypt WAL data in global space
* Added WAL key management

* Keyring improvements:

* Renamed functions to point their usage for principal key management
* Improved keyring provider management across databases and the global space.
* Keyring configuration now uses common JSON API. This simplifies code handling and enables frontend tools like `pg_waldump` to read the code thus improving debugging.

* The `pg_tde_is_encrypted` function now supports custom schemas in the format of `pg_tde_is_encrypted('schema.table');`
* Changed the location of internal TDE files: instead of the database directory, now all files are stored in ` $PGDATA/pg_tde`
* Improved error reporting when `pg_tde` is not added to the `shared_preload_libraries`
* Improved memory usage of `tde_heap_basic `during sequential reads
* Improved `tde_heap_basic` for select statements
* Added encryption support for (some) command line utilities

### Bugs fixed

* Fixed multiple bugs with `tde_heap_basic` and TOAST records
* Fixed various memory leaks

## Beta (2024-06-30)

With this version, the access method for `pg_tde` extension is renamed `tde_heap_basic`. Use this access method name to create tables. Find guidelines in [Test TDE](../test.md) tutorial.
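Review bot: several formatting slips in the new Beta 2 section: `the `tde_heap`access method. using this method` needs a space before `access` and a capital `Using` after the full stop; `` ` $PGDATA/pg_tde` `` and `` `tde_heap_basic `during `` have stray spaces inside the backticks; and the first New Features bullet ends without a period. Two content points: `Added encryption support for (some) command line utilities` should name the utilities (the keyring bullet already mentions `pg_waldump`), because the reader needs to know which tools can read encrypted data, and `enables frontend tools like `pg_waldump` to read the code` presumably means reading the keyring configuration, not the code.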
2 changes: 2 additions & 0 deletions documentation/mkdocs.yml
Expand Up @@ -105,6 +105,7 @@ markdown_extensions:
plugins:
- search:
separator: '[\s\-,:!=\[\]()"/]+|(?!\b)(?=[A-Z][a-z])|\.(?!\d)|&[lg]t;'
- open-in-new-tab:
- git-revision-date-localized:
enable_creation_date: true
enabled: !ENV [ENABLED_GIT_REVISION_DATE, True]
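Review bot: `- open-in-new-tab:` is added with a trailing colon and no options, which YAML parses as a null value; MkDocs accepts that, but for consistency with `- search:` and `- git-revision-date-localized:` either drop the colon or add an empty mapping. The plugin name must match the entry point registered by the `mkdocs-open-in-new-tab` package added in requirements.txt, so run the docs build with the new dependency installed before merging.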
Expand Down Expand Up @@ -155,6 +156,7 @@ extra:
nav:
- Home: index.md
- features.md
- Get started:
- "Install": "install.md"
- "Via apt": apt.md
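Review bot: `- features.md` is the only bare path in this `nav` block; its siblings carry explicit titles (`- Home: index.md`, `"Install": "install.md"`). MkDocs will take the title from the page's `# Features` heading, so it works, but `- Features: features.md` keeps the nav self-describing and stable if the H1 changes.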
1 change: 1 addition & 0 deletions documentation/requirements.txt
Expand Up @@ -16,3 +16,4 @@ mkdocs-meta-descriptions-plugin
mike
mkdocs-glightbox
Pillow > 10.1.0
mkdocs-open-in-new-tab
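Review bot: `mkdocs-open-in-new-tab` is added without a version constraint while the line above pins `Pillow > 10.1.0`; give the plugin at least a lower bound so the docs build stays reproducible and a future plugin release cannot change the build without review.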
3 changes: 1 addition & 2 deletions documentation/variables.yml
@@ -1,5 +1,4 @@
#Variables used throughout the docs

release: 'Beta'
pgversion16: '16.4'
pgversion17: '17.0'
pgversion17: '17.2'

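Review bot: the hunk is 1 addition and 2 deletions, so besides `pgversion17: '17.0'` one of `release: 'Beta'` or `pgversion16: '16.4'` is being removed. index.md in this same commit now renders `This is the {{release}} version` and the release notes announce Beta 2, so if `release` is the removed line make sure it is defined elsewhere, and if it is kept it should be updated to `'Beta 2'`; otherwise the banner will still read `Beta`. The comment `#Variables` also wants a space after `#`.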
0 comments on commit d978282