When a KMIP server is configured as a key provider and the user tries to enable encryption, the server restart fails with the error message:
FATAL: failed to retrieve principal key. Create one using pg_tde_set_server_principal_key before using encrypted WAL.
Steps to reproduce.
start server.
psql
CREATE SCHEMA tde;
CREATE EXTENSION IF NOT EXISTS pg_tde SCHEMA tde;
SELECT tde.pg_tde_add_global_key_provider_kmip('kmip-prov','kmip1', 5696, '/tmp/certs/server_certificate.pem', '/tmp/certs/client_key_jane_doe.pem');
SELECT tde.pg_tde_set_server_principal_key('kmip-principal-key','kmip-prov');
ALTER SYSTEM SET pg_tde.wal_encrypt = on;
ALTER SYSTEM SET default_table_access_method = 'tde_heap';
ALTER SYSTEM SET search_path = "$user",public,tde;
restart server.
pg_ctl -D /var/lib/postgresql/data/ -l logfile restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... stopped waiting
pg_ctl: could not start server
Examine the log output.
Log file says.
FATAL: failed to retrieve principal key. Create one using pg_tde_set_server_principal_key before using encrypted WAL.
LOG: database system is shut down