From b3e4113e237b7dbf8c8721e8b24daf3bd807714a Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Tue, 22 Jul 2025 17:14:29 +0300 Subject: [PATCH 01/10] add 2.0 release note - initial document - add new date variable for 2.0 release --- .../docs/release-notes/release-notes-v2.0.md | 30 +++++++++++++++++++ contrib/pg_tde/documentation/variables.yml | 1 + 2 files changed, 31 insertions(+) create mode 100644 contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md new file mode 100644 index 0000000000000..5f7069364f977 --- /dev/null +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md 
@@ -0,0 +1,30 @@ +# pg_tde 2.0 ({{date.2.0}}) + +The `pg_tde` by Percona extension brings in [Transparent Data Encryption (TDE)](../index/index.md) to PostgreSQL and enables you to keep sensitive data safe and secure. + +[Get Started](../install.md){.md-button} + +## Release Highlights + +* **WAL encryption is still in Beta** + +The WAL encryption feature is currently still in beta and is not effective unless explicitly enabled. **It is not yet production ready.** Do **not** enable this feature in production environments. + +## Known issues + +* The default `mlock` limit on Rocky Linux 8 for ARM64-based architectures equals the memory page size and is 64 Kb. This results in the child process with `pg_tde` failing to allocate another memory page because the max memory limit is reached by the parent process. + +To prevent this, you can change the `mlock` limit to be at least twice bigger than the memory page size: + +* temporarily for the current session using the `ulimit -l ` command. +* set a new hard limit in the `/etc/security/limits.conf` file. To do so, you require the superuser privileges. + +Adjust the limits with caution since it affects other processes running in your system. + +## Changelog + +### New Features + +### Improvements + +### Bugs Fixed diff --git a/contrib/pg_tde/documentation/variables.yml b/contrib/pg_tde/documentation/variables.yml index 2938e44a53a96..81e2ae6599089 100644 --- a/contrib/pg_tde/documentation/variables.yml +++ b/contrib/pg_tde/documentation/variables.yml @@ -6,6 +6,7 @@ pgversion17: '17.5' tdebranch: release-17.5.2 date: + 2.0: '2025-08-15' GA10: '2025-06-30' RC2: '2025-05-29' RC: '2025-03-27' From e9b80129271fdb9e7799f8a45e2b1708b4c2bbca Mon Sep 17 00:00:00 2001 
From: Dragos Andriciuc Date: Tue, 29 Jul 2025 15:58:30 +0300 Subject: [PATCH 02/10] add more information in features, improvements and bug fixes, update highlights with WAL GA --- .../docs/release-notes/release-notes-v2.0.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md index 5f7069364f977..873022d6eb093 100644 --- a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md @@ -6,9 +6,9 @@ The `pg_tde` by Percona extension brings in [Transparent Data Encryption (TDE)]( ## Release Highlights -* **WAL encryption is still in Beta** +* **WAL encryption is now Generally Available (GA)** -The WAL encryption feature is currently still in beta and is not effective unless explicitly enabled. **It is not yet production ready.** Do **not** enable this feature in production environments. +The WAL (Write-Ahead Logging) encryption feature is now fully supported and production-ready, it adds secure logging to `pg_tde`, expanding Percona's PostgreSQL encryption coverage by enabling secure, transparent encryption of write-ahead logs using the same key infrastructure as data encryption. ## Known issues @@ -25,6 +25,13 @@ Adjust the limits with caution since it affects other processes running in your ### New Features +- [PG-1037](https://perconadev.atlassian.net/browse/PG-1037) Make `pg_rewind` work with encrypted WAL + ### Improvements +- PG-1497 WAL encryption GA epic tracking issue + ### Bugs Fixed + +- [PG-1391](https://perconadev.atlassian.net/browse/PG-1391) Prevent WAL key mismatches on replicas after `pg_basebackup` +- [PG-1452](https://perconadev.atlassian.net/browse/PG-1452) `pg_tde_change_key_provider` did not work without `-D` flag even if `PGDATA` was set 
From c58f4a7e6b531f89bd8e5c4a7a78c92a65fab111 Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Thu, 14 Aug 2025 16:17:45 +0300 Subject: [PATCH 03/10] add links to rn 2.0 - update variables for 2.0 and dates - add rn 2.0 to ToC and update rn index - add limitations to rn - update cover page date - fix mini chapters look --- .../docs/release-notes/release-notes-v1.0.md | 6 +++--- .../docs/release-notes/release-notes-v2.0.md | 12 +++++++----- .../docs/release-notes/release-notes.md | 1 + .../documentation/docs/templates/pdf_cover_page.tpl | 2 +- contrib/pg_tde/documentation/mkdocs.yml | 1 + contrib/pg_tde/documentation/variables.yml | 8 ++++---- 6 files changed, 17 insertions(+), 13 deletions(-) diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v1.0.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v1.0.md index e5035a8a1d66e..8a62726818ccf 100644 --- a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v1.0.md +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v1.0.md @@ -1,6 +1,6 @@ # pg_tde 1.0 ({{date.GA10}}) -The `pg_tde` by Percona extension brings in [Transparent Data Encryption (TDE) :octicons-link-external-16:](../index/index.md) to PostgreSQL and enables you to keep sensitive data safe and secure. +The `pg_tde` by Percona extension brings in [Transparent Data Encryption (TDE) :octicons-link-external-16:](../index/about-tde.md) to PostgreSQL and enables you to keep sensitive data safe and secure. [Get Started](../install.md){.md-button} 
@@ -8,7 +8,7 @@ The `pg_tde` by Percona extension brings in [Transparent Data Encryption (TDE) : * **`pg_tde` 1.0 is now GA (Generally Available)** -And **stable** for encrypting relational data in PostgreSQL using [Transparent Data Encryption (TDE) :octicons-link-external-16:](../index/index.md). This milestone brings production-level data protection to PostgreSQL workloads. +And **stable** for encrypting relational data in PostgreSQL using [Transparent Data Encryption (TDE) :octicons-link-external-16:](../index/about-tde.md). This milestone brings production-level data protection to PostgreSQL workloads. * **WAL encryption is still in Beta** @@ -16,7 +16,7 @@ The WAL encryption feature is currently still in beta and is not effective unles ## Upgrade considerations -`pg_tde` ({{tdeversion}}) is **not** backward compatible with previous `pg_tde` versions, like Release Candidate 2, due to significant changes in code. This means you **cannot** directly upgrade from one version to another. You must do **a clean installation** of `pg_tde`. +`pg_tde` 1.0 is **not** backward compatible with previous `pg_tde` versions, like Release Candidate 2, due to significant changes in code. This means you **cannot** directly upgrade from one version to another. You must do **a clean installation** of `pg_tde`. ## Known issues diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md index 873022d6eb093..c4e96db7a3af6 100644 --- a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md 
@@ -1,15 +1,19 @@ -# pg_tde 2.0 ({{date.2.0}}) +# pg_tde 2.0 ({{date.GA20}}) -The `pg_tde` by Percona extension brings in [Transparent Data Encryption (TDE)](../index/index.md) to PostgreSQL and enables you to keep sensitive data safe and secure. +The `pg_tde` by Percona extension brings in [Transparent Data Encryption (TDE)](../index/about-tde.md) to PostgreSQL and enables you to keep sensitive data safe and secure. [Get Started](../install.md){.md-button} ## Release Highlights -* **WAL encryption is now Generally Available (GA)** +### WAL encryption is now generally available The WAL (Write-Ahead Logging) encryption feature is now fully supported and production-ready, it adds secure logging to `pg_tde`, expanding Percona's PostgreSQL encryption coverage by enabling secure, transparent encryption of write-ahead logs using the same key infrastructure as data encryption. +### Documentation updates + +* Updated the [Limitations](../index/tde-limitations.md) topic to include WAL encryption limitations and supported tools. + ## Known issues * The default `mlock` limit on Rocky Linux 8 for ARM64-based architectures equals the memory page size and is 64 Kb. This results in the child process with `pg_tde` failing to allocate another memory page because the max memory limit is reached by the parent process. @@ -29,8 +33,6 @@ Adjust the limits with caution since it affects other processes running in your ### Improvements -- PG-1497 WAL encryption GA epic tracking issue - ### Bugs Fixed - [PG-1391](https://perconadev.atlassian.net/browse/PG-1391) Prevent WAL key mismatches on replicas after `pg_basebackup` diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes.md index 38d8536e2ba4f..9f50fcba58c75 100644 --- a/contrib/pg_tde/documentation/docs/release-notes/release-notes.md +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes.md 
@@ -4,6 +4,7 @@ This page lists all release notes for `pg_tde`, organized by year and version. U ## 2025 +* [2.0](release-notes-v2.0.md) ({{date.GA20}}) * [1.0](release-notes-v1.0.md) ({{date.GA10}}) * [Release Candidate 2 (RC2)](rc2.md) ({{date.RC2}}) * [Release Candidate 1 (RC1)](rc.md) ({{date.RC}}) diff --git a/contrib/pg_tde/documentation/docs/templates/pdf_cover_page.tpl b/contrib/pg_tde/documentation/docs/templates/pdf_cover_page.tpl index 9f4fb22ba71de..28d0a506f1b1f 100644 --- a/contrib/pg_tde/documentation/docs/templates/pdf_cover_page.tpl +++ b/contrib/pg_tde/documentation/docs/templates/pdf_cover_page.tpl @@ -7,5 +7,5 @@ {% if config.site_description %}

{{ config.site_description }}

{% endif %} -

1.0 (2025-06-30)

+

2.0 (2025-08-30)

\ No newline at end of file diff --git a/contrib/pg_tde/documentation/mkdocs.yml b/contrib/pg_tde/documentation/mkdocs.yml index 43725bb5de5e6..d73a8c8cd009e 100644 --- a/contrib/pg_tde/documentation/mkdocs.yml +++ b/contrib/pg_tde/documentation/mkdocs.yml @@ -207,6 +207,7 @@ nav: - "Release notes": - "Release notes index": release-notes/release-notes.md - "2025": + - "2.0": release-notes/release-notes-v2.0.md - "1.0": release-notes/release-notes-v1.0.md - "Release Candidate 2": release-notes/rc2.md - "Release Candidate 1": release-notes/rc.md diff --git a/contrib/pg_tde/documentation/variables.yml b/contrib/pg_tde/documentation/variables.yml index a72a062f2940b..a61f6cb088753 100644 --- a/contrib/pg_tde/documentation/variables.yml +++ b/contrib/pg_tde/documentation/variables.yml @@ -1,13 +1,13 @@ #Variables used throughout the docs -latestreleasenotes: 'release-notes-v1.0' -tdeversion: '1.0' -release: '1.0' +latestreleasenotes: 'release-notes-v2.0' +tdeversion: '2.0' +release: '2.0' pgversion17: '17.5' tdebranch: release-17.5.2 date: - 2.0: '2025-08-15' + GA20: '2025-08-30' GA10: '2025-06-30' RC2: '2025-05-29' RC: '2025-03-27' From 6b32eeb8353ead5853da231fff922cef9212cff6 Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Tue, 19 Aug 2025 12:13:53 +0300 Subject: [PATCH 04/10] move current release notes from 2025 out of 2025 folder in toc (folder is for archiving) --- contrib/pg_tde/documentation/mkdocs.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/contrib/pg_tde/documentation/mkdocs.yml b/contrib/pg_tde/documentation/mkdocs.yml index d73a8c8cd009e..5ae1dbabbabf0 100644 --- a/contrib/pg_tde/documentation/mkdocs.yml +++ b/contrib/pg_tde/documentation/mkdocs.yml 
@@ -206,11 +206,10 @@ nav: - faq.md - "Release notes": - "Release notes index": release-notes/release-notes.md - - "2025": - - "2.0": release-notes/release-notes-v2.0.md - - "1.0": release-notes/release-notes-v1.0.md - - "Release Candidate 2": release-notes/rc2.md - - "Release Candidate 1": release-notes/rc.md + - "2.0": release-notes/release-notes-v2.0.md + - "1.0": release-notes/release-notes-v1.0.md + - "Release Candidate 2": release-notes/rc2.md + - "Release Candidate 1": release-notes/rc.md - "2024 (Alpha 1 - Beta 2)": - "Beta 2": release-notes/beta2.md - "Beta": release-notes/beta.md From b3b7e89b1fcf7c8808c9a7d634bfeaed7efecace Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Wed, 20 Aug 2025 10:58:39 +0300 Subject: [PATCH 05/10] Update the Features topic buttons for better clarity (#508) --- contrib/pg_tde/documentation/docs/features.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/pg_tde/documentation/docs/features.md b/contrib/pg_tde/documentation/docs/features.md index aa8703fc42bca..3f51c25aceaac 100644 --- a/contrib/pg_tde/documentation/docs/features.md +++ b/contrib/pg_tde/documentation/docs/features.md @@ -19,4 +19,8 @@ The following features are available for the extension: * Table-level granularity for encryption and access control * Multiple [Key management options](global-key-provider-configuration/index.md) -[Learn more about TDE and pg_tde :material-arrow-right:](index/about-tde.md){.md-button} [Get started with installation :material-arrow-right:](install.md){.md-button} +## Next steps + +Learn more about how `pg_tde` implements Transparent Data Encryption: + +[About Transparent Data Encryption :material-arrow-right:](index/about-tde.md){.md-button} From 95e9c4e8ad62e9c73aee74601df1d8125faee1d9 Mon Sep 17 00:00:00 2001 
From: Dragos Andriciuc Date: Wed, 20 Aug 2025 18:34:44 +0300 Subject: [PATCH 06/10] add WAL encryption jira to new features and remove a misplaced word --- .../documentation/docs/release-notes/release-notes-v2.0.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md index c4e96db7a3af6..9c19a5c866cfb 100644 --- a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md @@ -1,6 +1,6 @@ # pg_tde 2.0 ({{date.GA20}}) -The `pg_tde` by Percona extension brings in [Transparent Data Encryption (TDE)](../index/about-tde.md) to PostgreSQL and enables you to keep sensitive data safe and secure. +The `pg_tde` by Percona extension brings [Transparent Data Encryption (TDE)](../index/about-tde.md) to PostgreSQL and enables you to keep sensitive data safe and secure. [Get Started](../install.md){.md-button} @@ -29,6 +29,7 @@ Adjust the limits with caution since it affects other processes running in your ### New Features +- [PG-1497](https://perconadev.atlassian.net/browse/PG-1497) WAL encryption is now generally available (GA) - [PG-1037](https://perconadev.atlassian.net/browse/PG-1037) Make `pg_rewind` work with encrypted WAL ### Improvements From 6add44543ed3bfe56e7d93025f4249adf5eae13f Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Thu, 21 Aug 2025 13:40:06 +0300 Subject: [PATCH 07/10] add upgrade limitation warning --- .../docs/release-notes/release-notes-v2.0.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md index 9c19a5c866cfb..99f4be30ab1d6 100644 --- a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md 
+++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md @@ -10,6 +10,17 @@ The `pg_tde` by Percona extension brings [Transparent Data Encryption (TDE)](../ The WAL (Write-Ahead Logging) encryption feature is now fully supported and production-ready, it adds secure logging to `pg_tde`, expanding Percona's PostgreSQL encryption coverage by enabling secure, transparent encryption of write-ahead logs using the same key infrastructure as data encryption. +### WAL encryption upgrade limitation + +Clusters that used WAL encryption in the beta release (`pg_tde` 1.0 or older) cannot be upgraded to `pg_tde` 2.0. The following error indicates that WAL encryption was enabled: + +```sql +FATAL: principal key not configured +HINT: Use pg_tde_set_server_key_using_global_key_provider() to configure one. +``` + +Clusters that did not use WAL encryption in beta can be upgraded normally. + ### Documentation updates * Updated the [Limitations](../index/tde-limitations.md) topic to include WAL encryption limitations and supported tools. From d51b495d175ce1237fa490c113a98ccb78d4d5dc Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Fri, 22 Aug 2025 15:30:06 +0300 Subject: [PATCH 08/10] populate the release notes with features, improvements, bug fixes, doc updates --- .../docs/release-notes/release-notes-v2.0.md | 38 ++++++++++++++++--- 1 file changed, 33 insertions(+), 5 deletions(-) diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md index 99f4be30ab1d6..115e0601a163f 100644 --- a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md 
@@ -23,7 +23,10 @@ Clusters that did not use WAL encryption in beta can be upgraded normally. ### Documentation updates -* Updated the [Limitations](../index/tde-limitations.md) topic to include WAL encryption limitations and supported tools. +* Updated the [Limitations](../index/tde-limitations.md) topic, it now includes WAL encryption limitations and both supported and unsupported WAL tools +* [PG-1858 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1858) - Added a new topic for [Backup with WAL encryption enabled](../how-to/backup-wal-enabled.md) that includes restoring a backup created with WAL encryption +* [PG-1832 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1858) - Added documentation for using the `pg_tde_archive_decrypt` and `pg_tde_restore_encrypt` utilities. These tools are now covered in [CLI Tools](../command-line-tools/cli-tools.md) to guide users on how to archive and restore encrypted WAL segments securely +* [PG-1740 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1740)- Updated documentation for [uninstalling `pg_tde`](../how-to/uninstall.md) with WAL encryption enabled and improved the uninstall instructions to cover cases where TDE is disabled while WAL encryption remains active ## Known issues 
@@ -40,12 +43,37 @@ Adjust the limits with caution since it affects other processes running in your ### New Features -- [PG-1497](https://perconadev.atlassian.net/browse/PG-1497) WAL encryption is now generally available (GA) -- [PG-1037](https://perconadev.atlassian.net/browse/PG-1037) Make `pg_rewind` work with encrypted WAL +* [PG-1497 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1497) WAL encryption is now generally available (GA) +* [PG-1037 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1037) - Added support for `pg_rewind` with encrypted WAL +* [PG-1411 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1497) - Added support for `pg_resetwal` with encrypted WAL +* [PG-1603 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1603) - Added support for `pg_basebackup` with encrypted WAL +[PG-1710 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1710) - Added support for PITR with encrypted WAL +[PG-1711 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1711) - Added support for incremental backups with encrypted WAL, compatibility has been verified with `pg_combinebackup` and the WAL summarizer tool. 
+[PG-1712 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1712) - Added support for `pg_createsubscriber` with encrypted WAL +[PG-1815 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1815) - Verified pgBackRest backup and restore with encrypted clusters +[PG-1833 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1833) - Added verified support for using `pg_waldump` with encrypted WAL +[PG-1834 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1834) - Verified `pg_upgrade` with encryption (please note the limitation [described above](#wal-encryption-upgrade-limitation)) ### Improvements +* [PG-1661 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1661) - Added validation for key material received from providers +* [PG-1667 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1667) - Validated Vault keyring engine type +* [PG-1857 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1857) - Improved error handling for `pg_basebackup` with WAL encryption, `pg_basebackup` now performs stricter validation when used with WAL encryption + ### Bugs Fixed -- [PG-1391](https://perconadev.atlassian.net/browse/PG-1391) Prevent WAL key mismatches on replicas after `pg_basebackup` -- [PG-1452](https://perconadev.atlassian.net/browse/PG-1452) `pg_tde_change_key_provider` did not work without `-D` flag even if `PGDATA` was set +* [PG-1391 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1391) - Fixed unencrypted checkpoint segment on replica with encrypted key +* [PG-1452 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1452) - Fixed an issue where `pg_tde_change_key_provider` did not work without the `-D` flag even if `PGDATA` was set +* [PG-1412 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1412) – Fixed an issue where `XLogFileCopy` failed with encrypted 
WAL during PITR and `pg_rewind` +* [PG-1452 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1452) - Fixed an issue where `pg_tde_change_key_provider` ignored PGDATA when the `-D` flag was not provided +* [PG-1485 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1485) - Fixed an issue where streaming replication failed with an invalid magic number in WAL when `wal_encryption` was enabled +* [PG-1604 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1604) - Fixed a crash during standby promotion caused by an invalid magic number when replaying two-phase transactions from WAL +* [PG-1658 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1658) - Fixed an issue where the global key provider could not be deleted after server restart +* [PG-1727 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1727) - Fixed an issue where replicas failed to decrypt encrypted WAL when using `pg_createsubscriber` +* [PG-1813 :octicons-link-external-16:]() - Fixed an issue where a rewound primary failed to rejoin as a standby due to WAL decryption errors +* [PG-1835 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1835) - Fixed an issue where `pg_resetwal` corrupted encrypted WAL, causing PostgreSQL to fail at startup with an invalid checkpoint +* [PG-1842 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1842) - Fixed a delay in replica startup with encrypted tables in streaming replication setups +* [PG-1843 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1843) - Fixed performance issues when creating encrypted tables +* [PG-1863 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1863) - Fixed an issue where unnecessary WAL was generated when creating temporary tables +* [PG-1866 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1866) - Fixed an issue where automatic 
restart after crash sometimes failed with WAL encryption enabled +* [PG-1867 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1867) - Fixed archive recovery with encrypted WAL From acc435be9bf4fabe3a6f0f9788f71f1e6daaeb4d Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Fri, 22 Aug 2025 20:20:49 +0300 Subject: [PATCH 09/10] add first round of feedback, remove superfluous information and unneeded PG's --- .../docs/release-notes/release-notes-v2.0.md | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md index 115e0601a163f..422e8c304f729 100644 --- a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md @@ -8,7 +8,7 @@ The `pg_tde` by Percona extension brings [Transparent Data Encryption (TDE)](../ ### WAL encryption is now generally available -The WAL (Write-Ahead Logging) encryption feature is now fully supported and production-ready, it adds secure logging to `pg_tde`, expanding Percona's PostgreSQL encryption coverage by enabling secure, transparent encryption of write-ahead logs using the same key infrastructure as data encryption. +The WAL (Write-Ahead Logging) encryption feature is now fully supported and production-ready, it adds secure write-ahead logging to `pg_tde`, expanding Percona's PostgreSQL encryption coverage by enabling secure, transparent encryption of write-ahead logs using the same key infrastructure as data encryption. ### WAL encryption upgrade limitation 
@@ -26,7 +26,7 @@ Clusters that did not use WAL encryption in beta can be upgraded normally. * Updated the [Limitations](../index/tde-limitations.md) topic, it now includes WAL encryption limitations and both supported and unsupported WAL tools * [PG-1858 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1858) - Added a new topic for [Backup with WAL encryption enabled](../how-to/backup-wal-enabled.md) that includes restoring a backup created with WAL encryption * [PG-1832 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1858) - Added documentation for using the `pg_tde_archive_decrypt` and `pg_tde_restore_encrypt` utilities. These tools are now covered in [CLI Tools](../command-line-tools/cli-tools.md) to guide users on how to archive and restore encrypted WAL segments securely -* [PG-1740 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1740)- Updated documentation for [uninstalling `pg_tde`](../how-to/uninstall.md) with WAL encryption enabled and improved the uninstall instructions to cover cases where TDE is disabled while WAL encryption remains active +* [PG-1740 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1740) - Updated documentation for [uninstalling `pg_tde`](../how-to/uninstall.md) with WAL encryption enabled and improved the uninstall instructions to cover cases where TDE is disabled while WAL encryption remains active ## Known issues 
@@ -47,25 +47,22 @@ Adjust the limits with caution since it affects other processes running in your * [PG-1037 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1037) - Added support for `pg_rewind` with encrypted WAL * [PG-1411 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1497) - Added support for `pg_resetwal` with encrypted WAL * [PG-1603 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1603) - Added support for `pg_basebackup` with encrypted WAL -[PG-1710 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1710) - Added support for PITR with encrypted WAL +[PG-1710 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1710) - Added support for WAL archiving with encrypted WAL [PG-1711 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1711) - Added support for incremental backups with encrypted WAL, compatibility has been verified with `pg_combinebackup` and the WAL summarizer tool. 
[PG-1712 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1712) - Added support for `pg_createsubscriber` with encrypted WAL -[PG-1815 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1815) - Verified pgBackRest backup and restore with encrypted clusters [PG-1833 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1833) - Added verified support for using `pg_waldump` with encrypted WAL -[PG-1834 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1834) - Verified `pg_upgrade` with encryption (please note the limitation [described above](#wal-encryption-upgrade-limitation)) +[PG-1834 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1834) - Verified `pg_upgrade` with encryption ### Improvements * [PG-1661 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1661) - Added validation for key material received from providers * [PG-1667 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1667) - Validated Vault keyring engine type -* [PG-1857 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1857) - Improved error handling for `pg_basebackup` with WAL encryption, `pg_basebackup` now performs stricter validation when used with WAL encryption ### Bugs Fixed * [PG-1391 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1391) - Fixed unencrypted checkpoint segment on replica with encrypted key -* [PG-1452 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1452) - Fixed an issue where `pg_tde_change_key_provider` did not work without the `-D` flag even if `PGDATA` was set * [PG-1412 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1412) – Fixed an issue where `XLogFileCopy` failed with encrypted WAL during PITR and `pg_rewind` -* [PG-1452 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1452) - Fixed an issue where 
`pg_tde_change_key_provider` ignored PGDATA when the `-D` flag was not provided +* [PG-1452 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1452) - Fixed an issue where `pg_tde_change_key_provider` did not work without the `-D` flag even if `PGDATA` was set * [PG-1485 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1485) - Fixed an issue where streaming replication failed with an invalid magic number in WAL when `wal_encryption` was enabled * [PG-1604 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1604) - Fixed a crash during standby promotion caused by an invalid magic number when replaying two-phase transactions from WAL * [PG-1658 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1658) - Fixed an issue where the global key provider could not be deleted after server restart From 3ace8da7e7d37bbb1a99f5af6e00e09b09d2860e Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Mon, 25 Aug 2025 12:45:48 +0300 Subject: [PATCH 10/10] remove two unrequired PG's and fixed New Features list --- .../docs/release-notes/release-notes-v2.0.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md index 422e8c304f729..b70e1765ec15c 100644 --- a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md 
@@ -47,11 +47,11 @@ Adjust the limits with caution since it affects other processes running in your * [PG-1037 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1037) - Added support for `pg_rewind` with encrypted WAL * [PG-1411 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1497) - Added support for `pg_resetwal` with encrypted WAL * [PG-1603 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1603) - Added support for `pg_basebackup` with encrypted WAL -[PG-1710 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1710) - Added support for WAL archiving with encrypted WAL -[PG-1711 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1711) - Added support for incremental backups with encrypted WAL, compatibility has been verified with `pg_combinebackup` and the WAL summarizer tool. -[PG-1712 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1712) - Added support for `pg_createsubscriber` with encrypted WAL -[PG-1833 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1833) - Added verified support for using `pg_waldump` with encrypted WAL -[PG-1834 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1834) - Verified `pg_upgrade` with encryption +* [PG-1710 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1710) - Added support for WAL archiving with encrypted WAL +* [PG-1711 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1711) - Added support for incremental backups with encrypted WAL, compatibility has been verified with `pg_combinebackup` and the WAL summarizer tool. 
+* [PG-1712 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1712) - Added support for `pg_createsubscriber` with encrypted WAL +* [PG-1833 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1833) - Added verified support for using `pg_waldump` with encrypted WAL +* [PG-1834 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1834) - Verified `pg_upgrade` with encryption ### Improvements 
@@ -66,8 +66,6 @@ Adjust the limits with caution since it affects other processes running in your * [PG-1485 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1485) - Fixed an issue where streaming replication failed with an invalid magic number in WAL when `wal_encryption` was enabled * [PG-1604 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1604) - Fixed a crash during standby promotion caused by an invalid magic number when replaying two-phase transactions from WAL * [PG-1658 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1658) - Fixed an issue where the global key provider could not be deleted after server restart -* [PG-1727 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1727) - Fixed an issue where replicas failed to decrypt encrypted WAL when using `pg_createsubscriber` -* [PG-1813 :octicons-link-external-16:]() - Fixed an issue where a rewound primary failed to rejoin as a standby due to WAL decryption errors * [PG-1835 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1835) - Fixed an issue where `pg_resetwal` corrupted encrypted WAL, causing PostgreSQL to fail at startup with an invalid checkpoint * [PG-1842 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1842) - Fixed a delay in replica startup with encrypted tables in streaming replication setups * [PG-1843 :octicons-link-external-16:](https://perconadev.atlassian.net/browse/PG-1843) - Fixed performance issues when creating encrypted tables
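Review bot: In PATCH 01/10, under "Known issues", the temporary workaround reads "using the `ulimit -l ` command" with nothing after `-l`, so the reader is never told what to pass. Run without an argument, `ulimit -l` only prints the current limit. Add a value placeholder and state the unit the shell expects, so that "at least twice bigger than the memory page size" can be turned into a number. In the same item, "64 Kb" should be "64 KB", and "twice bigger than" reads better as "at least twice the memory page size". The closing caution would also be clearer if it said who is affected by a change in `/etc/security/limits.conf`, since that file applies per user or group rather than to the `pg_tde` child process alone.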
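Review bot: In PATCH 03/10, the `pdf_cover_page.tpl` hunk hardcodes "2.0 (2025-08-30)" while the same commit sets `release: '2.0'` and `GA20: '2025-08-30'` in `variables.yml`, so the version and release date now live in two places. This series already moved the date once, from '2025-08-15' in PATCH 01/10 to '2025-08-30' here, and the next change will leave the cover page behind unless someone remembers the template. If the template can read the docs variables, reference them there. Otherwise add a comment next to `GA20` in `variables.yml` naming `pdf_cover_page.tpl` as a second place to update.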
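Review bot: In PATCH 07/10, the new "WAL encryption upgrade limitation" section does not say at which step the error is raised or what the operator should do next. "The following error indicates that WAL encryption was enabled" leaves open whether it appears during the upgrade or on first start of the upgraded cluster. The quoted HINT ("Use pg_tde_set_server_key_using_global_key_provider() to configure one.") reads like a fix, while the preceding sentence says these clusters cannot be upgraded. State explicitly whether following the HINT is safe or not, and what the supported path is for a cluster that ran WAL encryption in beta. The block is also fenced as `sql` although it is server log output (FATAL/HINT lines), so a plain-text fence is the better tag.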
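Review bot: In PATCH 08/10, two ticket labels do not match their link targets. In the "Documentation updates" hunk, the PG-1832 entry links to `https://perconadev.atlassian.net/browse/PG-1858`, the same URL as the PG-1858 entry above it. In the "New Features" hunk, the PG-1411 entry links to `.../browse/PG-1497`. Both lines reappear unchanged as context in PATCH 09/10 and PATCH 10/10, so the series ends with the mismatch still in place. Point each URL at the ticket named in its label. The same "Documentation updates" item, "Updated the [Limitations] topic, it now includes ...", is a comma splice and should be split into two sentences or joined with "which now includes".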
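Review bot: In PATCH 09/10, the "New Features" hunk shortens the PG-1834 entry to "Verified `pg_upgrade` with encryption" and drops the pointer to `#wal-encryption-upgrade-limitation`. The entry now reads as unconditional, although the highlights section says clusters that used WAL encryption in the beta cannot be upgraded to 2.0. Keep a short cross-reference on this line so that a reader who goes straight to the changelog still sees the restriction. In the "Improvements" context of the same hunk, "Validated Vault keyring engine type" is ambiguous. The list above uses "Verified" for things that were tested, so say whether `pg_tde` now checks the engine type at configuration time or whether the check was a one-off test.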
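Review bot: In PATCH 10/10, the first hunk restores the missing `* ` bullets but leaves the list inconsistent in other ways. The PG-1711 entry is a comma splice ("... with encrypted WAL, compatibility has been verified with ...") and is the only item ending in a period. The PG-1497 entry added in PATCH 08/10 has no " - " separator between the link and the description. The PG-1412 entry under "Bugs Fixed" uses an en dash where every other item uses a hyphen. Normalise the separator and trailing punctuation across the three changelog lists in this commit, since it is already the list clean-up. The file also ends the series with "WAL (Write-Ahead Logging) encryption feature is now fully supported and production-ready, it adds secure write-ahead logging ...", which has the same comma splice and repeats "secure" three times in one sentence.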