Additional information display functions about principal keys / providers

Description

Current key details

pg_tde_principal_key_info() returns the name of the current principal key and the provider it uses.

pg_tde_verify_principal_key() checks that the key provider is accessible, that the current principal key can be downloaded from it, and that it is the same as the current key stored in memory. If any of these checks fails, it reports an appropriate error.

Listing all active keys (?)

Superusers can use the following function:

pg_tde_list_active_keys()

It reports all keys actively used by all databases on the current server. Like pg_tde_show_current_principal_key, it shows only names and associated providers; it doesn't reveal any sensitive information about the providers.

How to document

None

How to test

Tests are already part of the key_provider suite, for both successful and failing verification.

Activity

shahidullah.khan February 13, 2025 at 12:07 PM

Description has been updated. Moving the story to Done.

shahidullah.khan February 12, 2025 at 1:19 PM

Please update the story description as discussed in the TDE meeting yesterday, so that we have the updated picture and the story status could be moved to updated.

I have verified pg_tde_verify_principal_key() and other related function(s).
It is already automated and part of key_provider suite.

Done

Created December 12, 2024 at 8:11 PM
Updated February 13, 2025 at 12:07 PM
Resolved February 13, 2025 at 12:07 PM
