Rotate WAL internal key on server start

Description

CTR encryption is vulnerable to reuse of keys.

How to document

None

How to test

Check if WAL encryption still works even after a restart. And to make sure a rotation actually probably happened you could look at the contents of the key map file.

Activity

Show:

mohit.joshi 2 days ago

Partially verified. I am able to see rotated WAl keys in the map file. However, there are failures with WAL encryption ON/FF and server restarts due to open bugs and

Marking this ticket as fixed and resolved.

andreas.karlsson March 12, 2025 at 3:12 PM

Here is a PoC.

Done

Details
Assignee
mohit.joshi
Reporter
andreas.karlsson
Labels
Unplannedgood-first-issuepg_tdereviewed
Story Points
1
Components
Sprint
Sprint 19
Fix versions
pg_tde GA (WAL Beta)
Priority
Critical

Smart Checklist

Created March 12, 2025 at 3:05 PM

Updated 2 days ago

Resolved 2 days ago

Rotate WAL internal key on server start

Description

How to document

How to test

Activity

mohit.joshi 2 days ago

andreas.karlsson March 12, 2025 at 3:12 PM

DetailsAssigneemohit.joshimohit.joshiReporterandreas.karlssonandreas.karlssonLabelsUnplannedgood-first-issuepg_tdereviewedStory Points1ComponentsSprintSprint 19Fix versionspg_tde GA (WAL Beta)PriorityCritical

Details

Assignee

Reporter

Labels

Story Points

Components

Sprint

Fix versions

Priority

Smart ChecklistOpen Smart Checklist

Smart Checklist

Details
Assignee
mohit.joshi
Reporter
andreas.karlsson
Labels
Unplannedgood-first-issuepg_tdereviewed
Story Points
1
Components
Sprint
Sprint 19
Fix versions
pg_tde GA (WAL Beta)
Priority
Critical

Smart Checklist