git.postgresql.org Git - postgresql.git/commit

author	Bruce Momjian <bruce@momjian.us>
	Fri, 25 Dec 2020 15:19:44 +0000 (10:19 -0500)
committer	Bruce Momjian <bruce@momjian.us>
	Fri, 25 Dec 2020 15:19:44 +0000 (10:19 -0500)
commit	978f869b992f9fca343e99d6fdb71073c76e869a
tree	b8020240551aa16da5b4fc9fbf96710de2d667e4	tree
parent	5c31afc49d0b62b357218b6f8b01782509ef8acd	commit \| diff

Add key management system

This adds a key management system that stores (currently) two data
encryption keys of length 128, 192, or 256 bits.  The data keys are
AES256 encrypted using a key encryption key, and validated via GCM
cipher mode.  A command to obtain the key encryption key must be
specified at initdb time, and will be run at every database server
start.  New parameters allow a file descriptor open to the terminal to
be passed.  pg_upgrade support has also been added.

Discussion: https://postgr.es/m/CA+fd4k7q5o6Nc_AaX6BcYM9yqTbC6_pnH-6nSD=54Zp6NBQTCQ@mail.gmail.com
Discussion: https://postgr.es/m/20201202213814.GG20285@momjian.us

Author: Masahiko Sawada, me, Stephen Frost

49 files changed:

doc/src/sgml/config.sgml		diff \| blob \| blame \| history
doc/src/sgml/database-encryption.sgml	[new file with mode: 0644]	blob
doc/src/sgml/filelist.sgml		diff \| blob \| blame \| history
doc/src/sgml/installation.sgml		diff \| blob \| blame \| history
doc/src/sgml/postgres.sgml		diff \| blob \| blame \| history
doc/src/sgml/ref/initdb.sgml		diff \| blob \| blame \| history
doc/src/sgml/ref/pg_ctl-ref.sgml		diff \| blob \| blame \| history
doc/src/sgml/ref/pgupgrade.sgml		diff \| blob \| blame \| history
doc/src/sgml/ref/postgres-ref.sgml		diff \| blob \| blame \| history
doc/src/sgml/storage.sgml		diff \| blob \| blame \| history
src/backend/Makefile		diff \| blob \| blame \| history
src/backend/access/transam/xlog.c		diff \| blob \| blame \| history
src/backend/bootstrap/bootstrap.c		diff \| blob \| blame \| history
src/backend/crypto/Makefile	[new file with mode: 0644]	blob
src/backend/crypto/kmgr.c	[new file with mode: 0644]	blob
src/backend/main/main.c		diff \| blob \| blame \| history
src/backend/postmaster/pgstat.c		diff \| blob \| blame \| history
src/backend/postmaster/postmaster.c		diff \| blob \| blame \| history
src/backend/replication/basebackup.c		diff \| blob \| blame \| history
src/backend/storage/ipc/ipci.c		diff \| blob \| blame \| history
src/backend/storage/lmgr/lwlocknames.txt		diff \| blob \| blame \| history
src/backend/tcop/postgres.c		diff \| blob \| blame \| history
src/backend/utils/misc/guc.c		diff \| blob \| blame \| history
src/backend/utils/misc/pg_controldata.c		diff \| blob \| blame \| history
src/backend/utils/misc/postgresql.conf.sample		diff \| blob \| blame \| history
src/bin/initdb/initdb.c		diff \| blob \| blame \| history
src/bin/pg_controldata/pg_controldata.c		diff \| blob \| blame \| history
src/bin/pg_ctl/pg_ctl.c		diff \| blob \| blame \| history
src/bin/pg_resetwal/pg_resetwal.c		diff \| blob \| blame \| history
src/bin/pg_rewind/filemap.c		diff \| blob \| blame \| history
src/bin/pg_upgrade/check.c		diff \| blob \| blame \| history
src/bin/pg_upgrade/controldata.c		diff \| blob \| blame \| history
src/bin/pg_upgrade/file.c		diff \| blob \| blame \| history
src/bin/pg_upgrade/option.c		diff \| blob \| blame \| history
src/bin/pg_upgrade/pg_upgrade.h		diff \| blob \| blame \| history
src/bin/pg_upgrade/server.c		diff \| blob \| blame \| history
src/common/Makefile		diff \| blob \| blame \| history
src/common/cipher.c	[new file with mode: 0644]	blob
src/common/cipher_openssl.c	[new file with mode: 0644]	blob
src/common/kmgr_utils.c	[new file with mode: 0644]	blob
src/include/catalog/pg_control.h		diff \| blob \| blame \| history
src/include/common/cipher.h	[new file with mode: 0644]	blob
src/include/common/kmgr_utils.h	[new file with mode: 0644]	blob
src/include/crypto/kmgr.h	[new file with mode: 0644]	blob
src/include/pgstat.h		diff \| blob \| blame \| history
src/include/postmaster/postmaster.h		diff \| blob \| blame \| history
src/include/utils/guc_tables.h		diff \| blob \| blame \| history
src/test/Makefile		diff \| blob \| blame \| history
src/tools/msvc/Mkvcbuild.pm		diff \| blob \| blame \| history

This is the main PostgreSQL git repository.

RSS Atom