Merge back release 17.5.2 #463

Merged
merged 21 commits into from
Jul 3, 2025

@dutow (Collaborator) commented Jul 3, 2025

No description provided.

jeltz and others added 21 commits June 17, 2025 17:59
Since we only looked at the parent table and not on the whole tree when
setting the status of the encrypted indexes we could easily accidentally
create a plain text index on an encrypted table.

This patch also makes sure to disallow adding indexes to an inheritance
tree where the tables are a mix of encrypted and unencrypted tables.
Since partitioned tables do not have any storage and only control the
default access method of their children we should not try to change the
encryption status of anything when changing the AM of a partitioned
table.
The poll_start function handles both slow kill -9 and slow startup while
kill9_until_dead only really handles one of them.
This "to" had no business being in this message.
Wrote a general topic regarding Encryption Enforcement from pg_tde
perspective.
Created new replication topic which outlines how to set up PostgreSQL streaming replication when the `pg_tde` extension, specifically the `tde_heap` access method, is enabled on the primary server.
The function this message referenced does not exist, and even if it did
it wouldn't create keys.

Also error hint messages are supposed to be full sentences with capital
letter and period.
Added a new topic:

- How can I store an old key securely? Use Vault as an example here.
- ~~Explain how you can use this “old” principal key to unencrypt your
backups.~~

Removed files like FAQ and others that do not belong to this PR.
setup.md:

Modified file to be postgresql.conf file
Modified last note to be clearer.

test.md:
Updated function return for step 2 checking encrypted data

variables.md:

Added warning note for Enabling WAL encryption.

yum.md:

Updated Memory Lock description.
* uninstall.md added warning note and added a new step to
ensure user knows he needs to decrypt or drop encrypted tables
* rewrote table access ALTER SYSTEM command
* for limitations.md, removed rewind mention and added WAL note as
text, made small changes to RC version. Added note for KMS, improved
system tables text.

Multi-tenant-setup.md:
* updated SELECT parameters
* Added that KMIP server setup is out of scope.
* Added a link to KMS configuration chapter in the intro to Key provider
config
- updated FAQ with WAL encryption notes about its beta status
- updated links to How does pg_tde make my data safe? FAQ for KMS chapters
we added
- updated pg_waldump with a note about wal encryption beta status
- Removed post quantum question from FAQ
Add principal key deletion functions to documentation. Fix a couple of
uncertainties on architecture docs page.
reverted set key changes for architecture, functions, set principal key
and multi-tenant-setup.md
In set-principal-key.md:
* updated with correct code example using set_server_key_using_global
parameter
* updated note to reflect correct config

In features.md:
* Removed temporary tables feature to clear confusion, removed logical
replication mention, removed WAL encryption as a feature.

In functions.md:
* Added ON FUNCTION for grant/revoke execution
* Modified sensitive info bolded paragraph to important note
* Small modifications to notes display, title cases and text fixes
* added note to Add or modify Vault providers for keeping the same
principal key.
* Added warning for WAL in pg_tde_create_key_using_global_key_provider

In general:
* Removed all logical replication mentions except the FAQ and in RC2
release note.
- added openbao topic and toc update for new file

- content based on vault.md descriptions
Key deletion functions don't delete anything as keys are stored in an external
key management system. So these functions just remove keys from TDE.
reverted the revert for set key changes for architecture, functions, set
principal key and multi-tenant-setup.md
Updated the introduction with the proper extension name, updated the
intro to reflect this. Removed important note about not meant for
production and added the No upgrade warning from previous versions (like
RC2) to GA. Updates:

* removed the block announcement for RC2 at the top of the HTML page in
the intro
* Added the warning note before installation begins too.
* Updated site name to full name.
Updated the Architecture topic with the following:
- New intro detailing the long term tde goals in a paragraph
- Updated the ## Typical setup scenarios topic with better writing and
improved flow
- Added note to WAL Encryption that it is not to be used in prod env
- General small fixes to paragraphs, wrongly written words and such
Added initial files and modifications to include 1.0 release notes to
the TOC and variables. Updates:

* updated the ToC names to make them in line with style guide
* updated variable with new release branch and fixed small release note
name
* updated ## Release Highlights with topics:
* Added tickets
* Updated Upgrade considerations
@nastena1606 nastena1606 temporarily deployed to release-17.5.2 - INTERNAL-pg_tde docs PR #463 July 3, 2025 08:38 — with Render Destroyed
@dutow dutow merged commit 7dff5d0 into TDE_REL_17_STABLE Jul 3, 2025
19 of 33 checks passed
6 participants