Re: Key management with tests

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Tom Kincaid <tomjohnkincaid(at)gmail(dot)com>
Cc: Andres Freund <andres(at)anarazel(dot)de>, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com>
Subject: Re: Key management with tests
Date: 2021-01-25 19:18:05
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Mon, Jan 18, 2021 at 05:47:34PM -0500, Tom Kincaid wrote:
> I met with Bruce and Stephen this afternoon to discuss the feedback
> we received so far (prior to Robert's note which I haven't fully
> digested yet)
> on this patch.
> Here is what we plan to do:
> 1) Bruce is going to gather all the details from the Wiki and build a
> README for the TDE Key Management patch. In addition, it will include
> details about the implementation, the data structures involved and the
> locks that are taken and general technical implementation approach.
> Could we get feedback if this feels like enough to get this patch
> (which will include just the Key Management portion of TDE) to a state
> where it can be reviewed and assuming the review issues are resolved
> with consensus be committed?

Attached is an updated patch that has the requested changes:

* broken into seven parts
* test script converted from shell to Perl
* added README for every new directory
* moved text from wiki to READMEs where appropriate
* included Robert's suggestions, including the ability to add
future non-AES crypto methods
* fixes for pg_alterckey PGDATA arg processing

The patch is attached, and is also here:


* What changes do people want to this patch set?
* Do we want it applied, even though it might need to be hidden for PG
* If not, how do people build on this patch? Using the commitfest
links or github URL?

Bruce Momjian <bruce(at)momjian(dot)us>

The usefulness of a cup is in its emptiness, Bruce Lee

Attachment Content-Type Size
1-crypto.diff.gz application/gzip 9.4 KB
2-backend.diff.gz application/gzip 6.2 KB
3-common.diff.gz application/gzip 9.0 KB
4-pg_alterckey.diff.gz application/gzip 8.1 KB
5-bin.diff.gz application/gzip 9.3 KB
6-test.diff.gz application/gzip 82.5 KB
7-key.diff text/x-diff 7.9 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Jacob Champion 2021-01-25 19:31:16 Re: Fixing cache pollution in the Kerberos test suite
Previous Message Anastasia Lubennikova 2021-01-25 19:14:43 Re: pg_upgrade fails with non-standard ACL