Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PG-1241 Documented KMIP integration and setup #368

Merged
merged 6 commits into from
Dec 26, 2024
Merged

PG-1241 Documented KMIP integration and setup #368

merged 6 commits into from
Dec 26, 2024

Conversation

nastena1606
Copy link
Collaborator

Description

Documented KMIP integration and setup

modified: documentation/docs/_images/tde-flow.png
modified: documentation/docs/setup.md
modified: documentation/docs/tde.md

@nastena1606 nastena1606 requested review from dutow and dAdAbird December 4, 2024 16:40
@nastena1606 nastena1606 added the documentation Improvements or additions to documentation label Dec 4, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 4, 2024
edited
Loading

Performance test results:
Normal queries: 8822
TDE queries: 8585
Percentage: 97%
CSV entries: 1010312 pp-2019.csv
Sequential scan read times

HEAP: 1104.744
TDE: 1337.863 (121%)
TDE_BASIC: 1337.863 (161%)

@nastena1606 nastena1606 changed the title Documented KMIP integration and setup PG-1241 Documented KMIP integration and setup Dec 5, 2024
@nastena1606
Documented KMIP integration and setup
aaf93e3 
 modified:   documentation/docs/_images/tde-flow.png
        modified:   documentation/docs/setup.md
        modified:   documentation/docs/tde.md
dutow
dutow reviewed Dec 12, 2024
View reviewed changes
documentation/docs/setup.md Outdated Show resolved Hide resolved
documentation/docs/setup.md Outdated Show resolved Hide resolved
documentation/docs/setup.md Outdated Show resolved Hide resolved
documentation/docs/setup.md Outdated Show resolved Hide resolved
@nastena1606 nastena1606 requested a review from dutow December 12, 2024 10:10
dutow
dutow reviewed Dec 26, 2024
View reviewed changes
documentation/docs/tde.md Outdated
@@ -6,7 +6,7 @@ Transparent Data Encryption is a technology to protect data at rest. The encrypt

To encrypt the data, two types of keys are used:

* Database keys to encrypt user data. These are stored internally, near the data that they encrypt.
* Table encryption keys (TEK) to encrypt user data. These keys are stored internally, near the data that they encrypt.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need this acronym? We never used that before (TEK).

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's been used in Jan's talks. But TBH I like database keys more)
Changing back

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both are incorrect. we are simply calling them internal keys in the code, because that's what they are.

These can encrypt in theory any database file - tables, indexes, WAl, who knows what in the future...

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated

documentation/docs/setup.md Outdated
@@ -58,12 +58,14 @@ Load the `pg_tde` at the start time. The extension requires additional shared me

* `provider-name` is the name of the provider. You can specify any name, it's for you to identify the provider.
* `kmip-IP` is the IP address of a domain name of the KMIP server
* The port to communicate with the KMIP server. The default port is `5696`.
* `5696` is the port to communicate with the KMIP server.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

port is the port to communicate with the KMIP server? It can be anything, depending on the KMIP server, 5696 is just the official port mot servers use...

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But it is hardcoded now? So not a default one, but required one, correct? Why does the current wording not suit?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, it is a parameter the user has to specify.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated

@nastena1606 nastena1606 requested a review from dutow December 26, 2024 11:30
@nastena1606 nastena1606 merged commit bf7f6ea into main Dec 26, 2024
11 checks passed
@nastena1606 nastena1606 deleted the Doc-KMIP-support branch December 26, 2024 13:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dutow dutow dutow approved these changes

@dAdAbird dAdAbird Awaiting requested review from dAdAbird

Assignees
No one assigned
Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nastena1606 @dutow