git.postgresql.org Git - postgresql.git/commit

git projects / postgresql.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 5c31afc) | patch

Add key management system

author Bruce Momjian <bruce@momjian.us>

2020年12月25日 15:19:44 +0000 (10:19 -0500)

committer Bruce Momjian <bruce@momjian.us>

2020年12月25日 15:19:44 +0000 (10:19 -0500)

commit 978f869b992f9fca343e99d6fdb71073c76e869a

tree b8020240551aa16da5b4fc9fbf96710de2d667e4 tree

parent 5c31afc49d0b62b357218b6f8b01782509ef8acd commit | diff

Add key management system

This adds a key management system that stores (currently) two data
encryption keys of length 128, 192, or 256 bits. The data keys are
AES256 encrypted using a key encryption key, and validated via GCM
cipher mode. A command to obtain the key encryption key must be
specified at initdb time, and will be run at every database server
start. New parameters allow a file descriptor open to the terminal to
be passed. pg_upgrade support has also been added.

Discussion: https://postgr.es/m/CA+fd4k7q5o6Nc_AaX6BcYM9yqTbC6_pnH-6nSD=54Zp6NBQTCQ@mail.gmail.com
Discussion: https://postgr.es/m/20201202213814.GG20285@momjian.us

Author: Masahiko Sawada, me, Stephen Frost

49 files changed:

doc/src/sgml/config.sgml diff | blob | blame | history

doc/src/sgml/database-encryption.sgml [new file with mode: 0644] blob

doc/src/sgml/filelist.sgml diff | blob | blame | history

doc/src/sgml/installation.sgml diff | blob | blame | history

doc/src/sgml/postgres.sgml diff | blob | blame | history

doc/src/sgml/ref/initdb.sgml diff | blob | blame | history

doc/src/sgml/ref/pg_ctl-ref.sgml diff | blob | blame | history

doc/src/sgml/ref/pgupgrade.sgml diff | blob | blame | history

doc/src/sgml/ref/postgres-ref.sgml diff | blob | blame | history

doc/src/sgml/storage.sgml diff | blob | blame | history

src/backend/Makefile diff | blob | blame | history

src/backend/access/transam/xlog.c diff | blob | blame | history

src/backend/bootstrap/bootstrap.c diff | blob | blame | history

src/backend/crypto/Makefile [new file with mode: 0644] blob

src/backend/crypto/kmgr.c [new file with mode: 0644] blob

src/backend/main/main.c diff | blob | blame | history

src/backend/postmaster/pgstat.c diff | blob | blame | history

src/backend/postmaster/postmaster.c diff | blob | blame | history

src/backend/replication/basebackup.c diff | blob | blame | history

src/backend/storage/ipc/ipci.c diff | blob | blame | history

src/backend/storage/lmgr/lwlocknames.txt diff | blob | blame | history

src/backend/tcop/postgres.c diff | blob | blame | history

src/backend/utils/misc/guc.c diff | blob | blame | history

src/backend/utils/misc/pg_controldata.c diff | blob | blame | history

src/backend/utils/misc/postgresql.conf.sample diff | blob | blame | history

src/bin/initdb/initdb.c diff | blob | blame | history

src/bin/pg_controldata/pg_controldata.c diff | blob | blame | history

src/bin/pg_ctl/pg_ctl.c diff | blob | blame | history

src/bin/pg_resetwal/pg_resetwal.c diff | blob | blame | history

src/bin/pg_rewind/filemap.c diff | blob | blame | history

src/bin/pg_upgrade/check.c diff | blob | blame | history

src/bin/pg_upgrade/controldata.c diff | blob | blame | history

src/bin/pg_upgrade/file.c diff | blob | blame | history

src/bin/pg_upgrade/option.c diff | blob | blame | history

src/bin/pg_upgrade/pg_upgrade.h diff | blob | blame | history

src/bin/pg_upgrade/server.c diff | blob | blame | history

src/common/Makefile diff | blob | blame | history

src/common/cipher.c [new file with mode: 0644] blob

src/common/cipher_openssl.c [new file with mode: 0644] blob

src/common/kmgr_utils.c [new file with mode: 0644] blob

src/include/catalog/pg_control.h diff | blob | blame | history

src/include/common/cipher.h [new file with mode: 0644] blob

src/include/common/kmgr_utils.h [new file with mode: 0644] blob

src/include/crypto/kmgr.h [new file with mode: 0644] blob

src/include/pgstat.h diff | blob | blame | history

src/include/postmaster/postmaster.h diff | blob | blame | history

src/include/utils/guc_tables.h diff | blob | blame | history

src/test/Makefile diff | blob | blame | history

src/tools/msvc/Mkvcbuild.pm diff | blob | blame | history

This is the main PostgreSQL git repository.