Add key management system

This adds a key management system that stores (currently) two data encryption keys of length 128, 192, or 256 bits. The data keys are AES256 encrypted using a key encryption key, and validated via GCM cipher mode. A command to obtain the key encryption key must be specified at initdb time, and will be run at every database server start. New parameters allow a file descriptor open to the terminal to be passed. pg_upgrade support has also been added. Discussion: https://postgr.es/m/CA+fd4k7q5o6Nc_AaX6BcYM9yqTbC6_pnH-6nSD=54Zp6NBQTCQ@mail.gmail.com Discussion: https://postgr.es/m/20201202213814.GG20285@momjian.us Author: Masahiko Sawada, me, Stephen Frost
author: Bruce Momjian 2020-12-25 15:19:44 +0000
committer: Bruce Momjian 2020-12-25 15:19:44 +0000
commit: 978f869b992f9fca343e99d6fdb71073c76e869a (patch)
tree: b8020240551aa16da5b4fc9fbf96710de2d667e4 /src/include/pgstat.h
parent: 5c31afc49d0b62b357218b6f8b01782509ef8acd (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/include/pgstat.h b/src/include/pgstat.h
index 5954068dec..b8f98f9a58 100644
--- a/src/include/pgstat.h
+++ b/src/include/pgstat.h
@@ -1010,6 +1010,9 @@ typedef enum
 	WAIT_EVENT_DATA_FILE_TRUNCATE,
 	WAIT_EVENT_DATA_FILE_WRITE,
 	WAIT_EVENT_DSM_FILL_ZERO_WRITE,
+	WAIT_EVENT_KEY_FILE_READ,
+	WAIT_EVENT_KEY_FILE_WRITE,
+	WAIT_EVENT_KEY_FILE_SYNC,
 	WAIT_EVENT_LOCK_FILE_ADDTODATADIR_READ,
 	WAIT_EVENT_LOCK_FILE_ADDTODATADIR_SYNC,
 	WAIT_EVENT_LOCK_FILE_ADDTODATADIR_WRITE,
author	Bruce Momjian	2020-12-25 15:19:44 +0000
committer	Bruce Momjian	2020-12-25 15:19:44 +0000
commit	978f869b992f9fca343e99d6fdb71073c76e869a (patch)
tree	b8020240551aa16da5b4fc9fbf96710de2d667e4 /src/include/pgstat.h
parent	5c31afc49d0b62b357218b6f8b01782509ef8acd (diff)