On Wed, Mar 25, 2020 at 05:51:08PM +0900, Masahiko Sawada wrote:
> On Tue, 24 Mar 2020 at 23:15, Bruce Momjian <br...@momjian.us> wrote:
> >
> > On Tue, Mar 24, 2020 at 02:29:57PM +0900, Masahiko Sawada wrote:
> > > That seems to work fine.
> > >
> > > So we will have pg_cryptokeys within PGDATA and each key is stored
> > > into separate file named the key id such as "sql", "tde-wal" and
> > > "tde-block". I'll update the patch and post.
> >
> > Yes, that makes sense to me.
> >
>
> I've attached the updated patch. With the patch, we have three
> internal keys: SQL key, TDE-block key and TDE-wal key. Only SQL key
> can be used so far to wrap and unwrap user secret via pg_wrap and
> pg_unwrap SQL functions. Each key is saved to the single file located
> at pg_cryptokeys. After initdb with enabling key manager, the
> pg_cryptokeys directory has the following files:
>
> $ ll data/pg_cryptokeys
> total 12K
> -rw------- 1 masahiko staff 132 Mar 25 15:45 0000
> -rw------- 1 masahiko staff 132 Mar 25 15:45 0001
> -rw------- 1 masahiko staff 132 Mar 25 15:45 0002
>
> I used the integer id rather than string id to make the code simple.

Great, thanks. I assume the final version will use file names.

-- 
  Bruce Momjian  <br...@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +