Re: Key management with tests

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Thomas Munro <thomas(dot)munro(at)gmail(dot)com>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com>
Subject: Re: Key management with tests
Date: 2021-01-15 20:49:26
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Tue, Jan 12, 2021 at 12:04:09PM -0500, Bruce Momjian wrote:
> On Sun, Jan 10, 2021 at 09:51:16AM -0500, Bruce Momjian wrote:
> > OK, here they are with numeric prefixes. It was actually tricky to
> > figure out how to create a squashed format-patch based on another branch.
> Here is an updated version built on top of Michael Paquier's patch
> posted here:
> and included as my first attachment. This will give Michael's patch
> cfbot testing too since the second attachment calls many of the first
> attachment's functions.

Now that Michael's hex encoding patch is committed, I am reposting my
key management patch without Michael's patch. It is improved since the
mid-December version:

* TAP tests for encrypt/decryption, wrapped key creation and decryption,
and KEK rotation
* built on top of new hex encoding functions in /common
* passes cfbot testing
* handles disabled OpenSSL library properly
* handles Windows builds properly

I also learned a lot about format-patch, cfbot testing, and TAP tests.

It still can't test everything, like prompting from /dev/tty. Also, if
we don't get data encryption into PG 14, we are going to need to hide
the user interface for some of this until it is useful. Prompting from
/dev/tty for the TLS private key passphrase already works and will be a
useful PG 14 feature, so that part of the API will be visible in PG 14.

I am planning to apply this next week.

Bruce Momjian <bruce(at)momjian(dot)us>

The usefulness of a cup is in its emptiness, Bruce Lee

Attachment Content-Type Size
key.diff.gz application/gzip 120.9 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2021-01-15 21:22:45 Re: Add table access method as an option to pgbench
Previous Message Justin Pryzby 2021-01-15 20:25:46 Re: jit and explain nontext