Add functionality to delete key providers
Description
How to document
None
How to test
None
Created December 12, 2024 at 8:07 PM
Updated February 3, 2025 at 8:59 PM
Resolved February 3, 2025 at 8:59 PM
Providers can be deleted with the pg_tde_drop_key_provider([PG_TDE_GLOBAL, ] provider_name) function.
For database-specific providers, the function first checks whether the provider is in use, and the provider is only deleted if it’s not used.
For global providers, the function checks if the provider is used anywhere, WAL or any specific database, and returns an error if it is.
This somewhat goes against the principle that pg_tde shouldn’t interact with databases other than the one the user is connected to, but on the other hand, it only does this lookup in the internal pg_tde metadata, not in the Postgres catalogs, so it is a gray zone. Making this check makes more sense than potentially making some databases inaccessible.