From 978f869b992f9fca343e99d6fdb71073c76e869a Mon Sep 17 00:00:00 2001
From: Bruce Momjian
Date: Fri, 25 Dec 2020 10:19:44 -0500
Subject: Add key management system

This adds a key management system that stores (currently) two data
encryption keys of length 128, 192, or 256 bits.  The data keys are
AES256 encrypted using a key encryption key, and validated via GCM
cipher mode.  A command to obtain the key encryption key must be
specified at initdb time, and will be run at every database server
start.  New parameters allow a file descriptor open to the terminal to
be passed.  pg_upgrade support has also been added.

Discussion: https://postgr.es/m/CA+fd4k7q5o6Nc_AaX6BcYM9yqTbC6_pnH-6nSD=54Zp6NBQTCQ@mail.gmail.com
Discussion: https://postgr.es/m/20201202213814.GG20285@momjian.us

Author: Masahiko Sawada, me, Stephen Frost
---
 src/backend/main/main.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/backend/main')

diff --git a/src/backend/main/main.c b/src/backend/main/main.c
index b6e51288326..19aa502614e 100644
--- a/src/backend/main/main.c
+++ b/src/backend/main/main.c
@@ -324,6 +324,7 @@ help(const char *progname)
 #endif
 	printf(_("  -N MAX-CONNECT     maximum number of allowed connections\n"));
 	printf(_("  -p PORT            port number to listen on\n"));
+	printf(_("  -R fd              prompt for the cluster key\n"));
 	printf(_("  -s                 show statistics after each query\n"));
 	printf(_("  -S WORK-MEM        set amount of memory for sorts (in kB)\n"));
 	printf(_("  -V, --version      output version information, then exit\n"));
@@ -351,7 +352,9 @@ help(const char *progname)
 	printf(_("\nOptions for bootstrapping mode:\n"));
 	printf(_("  --boot             selects bootstrapping mode (must be first argument)\n"));
 	printf(_("  DBNAME             database name (mandatory argument in bootstrapping mode)\n"));
+	printf(_("  -K LEN             enable cluster file encryption with specified key length\n"));
 	printf(_("  -r FILENAME        send stdout and stderr to given file\n"));
+	printf(_("  -u DATADIR         copy encryption keys from datadir\n"));
 	printf(_("  -x NUM             internal use\n"));
 
 	printf(_("\nPlease read the documentation for the complete list of run-time\n"
-- 
cgit v1.2.3