Add key management system
This adds a key management system that stores (currently) two data encryption keys of length 128, 192, or 256 bits. The data keys are AES256 encrypted using a key encryption key, and validated via GCM cipher mode. A command to obtain the key encryption key must be specified at initdb time, and will be run at every database server start. New parameters allow a file descriptor open to the terminal to be passed. pg_upgrade support has also been added. Discussion: https://postgr.es/m/CA+fd4k7q5o6Nc_AaX6BcYM9yqTbC6_pnH-6nSD=54Zp6NBQTCQ@mail.gmail.com Discussion: https://postgr.es/m/20201202213814.GG20285@momjian.us Author: Masahiko Sawada, me, Stephen Frost
@ -18,6 +18,7 @@
|
||||
|
||||
#include "access/xlog_internal.h" /* for pg_start/stop_backup */
|
||||
#include "catalog/pg_type.h"
|
||||
#include "common/kmgr_utils.h"
|
||||
#include "common/file_perm.h"
|
||||
#include "commands/progress.h"
|
||||
#include "lib/stringinfo.h"
|
||||
@ -152,6 +153,10 @@ struct exclude_list_item
|
||||
*/
|
||||
static const char *const excludeDirContents[] =
|
||||
{
|
||||
/* Skip temporary crypto key directories */
|
||||
NEW_KMGR_DIR,
|
||||
OLD_KMGR_DIR,
|
||||
|
||||
/*
|
||||
* Skip temporary statistics files. PG_STAT_TMP_DIR must be skipped even
|
||||
* when stats_temp_directory is set because PGSS_TEXT_FILE is always
|
||||
|
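Review bot: The comment on the new first entries of `excludeDirContents` says only that the temporary crypto key directories are skipped, so a reader auditing what key material ends up in a base backup gets no answer for the non-temporary key files. As far as this hunk shows, only `NEW_KMGR_DIR` and `OLD_KMGR_DIR` are excluded, so the wrapped data keys are presumably still copied and the backup's confidentiality depends on the key encryption key being held elsewhere. The comment should say so, for example `/* Skip temporary crypto key directories; the live keys are still backed up, encrypted under the key encryption key */`. The array's leading comment begins above the hunk, so whether it already explains this cannot be checked from here. In the first hunk, `common/kmgr_utils.h` is placed ahead of `common/file_perm.h`, which is out of alphabetical include order.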