Re: pgsql: Add key management system

Fri, 25 Dec 2020 10:30:28 -0800 

On 2020-12-25 16:19, Bruce Momjian wrote:


Add key management system
doc/src/sgml/database-encryption.sgml         |  97 +++++


Attached are a few typos.

I also noticed that this option does not occur in the initdb --help:

  -u  --copy-encryption-keys

Was that deliberate?


Thanks,

Erik Rijkers







--- ./doc/src/sgml/database-encryption.sgml.orig	2020-12-25 19:11:55.809303009 +0100
+++ ./doc/src/sgml/database-encryption.sgml	2020-12-25 19:22:22.558936395 +0100
@@ -13,7 +13,7 @@
   log from being able to access the data stored in those files.
   For example, when using cluster file encryption, users who have read
   access to the cluster directories for backup purposes will not be able
-  to decrypt the data stored in the these files.
+  to decrypt the data stored in these files.
  </para>
 
  <para>
@@ -24,7 +24,7 @@
   Key one is used to encrypt write-ahead log (WAL) files.  Two different
   keys are used so that primary and standby servers can use different zero
   (heap/index/temp) keys, but the same one (WAL) key, so that these keys
-  can eventually be rotated by switching the primary to the standby as
+  can eventually be rotated by switching the primary to the standby
   and then changing the WAL key.
  </para>
 
@@ -68,7 +68,7 @@
    During the <command>initdb</command> process, if
    <option>--cluster-key-command</option> is specified, two data-level
    encryption keys are created.   These two keys are then encrypted with
-   the key enryption key (KEK) supplied by the cluster key command before
+   the key encryption key (KEK) supplied by the cluster key command before
    being stored in the database directory.  The key or passphrase that
    derives the key must be supplied from the terminal or stored in a
    trusted key store, such as key vault software, hardware security module.
@@ -87,7 +87,7 @@
   </para>
 
   <para>
-   The data encryption keys are randomly generated and are of 128, 192,
+   The data encryption keys are randomly generated and are 128, 192,
    or 256-bits in length.  They are encrypted by the key encryption key
    (KEK) using Advanced Encryption Standard (<acronym>AES256</acronym>)
    encryption in Galois/Counter Mode (<acronym>GCM</acronym>), which also






















					Reply via email to