Add key management system

This adds a key management system that stores (currently) two data encryption keys of length 128, 192, or 256 bits. The data keys are AES256 encrypted using a key encryption key, and validated via GCM cipher mode. A command to obtain the key encryption key must be specified at initdb time, and will be run at every database server start. New parameters allow a file descriptor open to the terminal to be passed. pg_upgrade support has also been added. Discussion: https://postgr.es/m/CA+fd4k7q5o6Nc_AaX6BcYM9yqTbC6_pnH-6nSD=54Zp6NBQTCQ@mail.gmail.com Discussion: https://postgr.es/m/20201202213814.GG20285@momjian.us Author: Masahiko Sawada, me, Stephen Frost
author: Bruce Momjian 2020-12-25 15:19:44 +0000
committer: Bruce Momjian 2020-12-25 15:19:44 +0000
commit: 978f869b992f9fca343e99d6fdb71073c76e869a (patch)
tree: b8020240551aa16da5b4fc9fbf96710de2d667e4 /doc/src/sgml/postgres.sgml
parent: 5c31afc49d0b62b357218b6f8b01782509ef8acd (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/doc/src/sgml/postgres.sgml b/doc/src/sgml/postgres.sgml
index 730d5fdc348..0ea7da604b3 100644
--- a/doc/src/sgml/postgres.sgml
+++ b/doc/src/sgml/postgres.sgml
@@ -171,6 +171,7 @@ break is not needed in a wider output rendering.
   &wal;
   &logical-replication;
   &jit;
+  &database-encryption;
   &regress;
 
  </part>
author	Bruce Momjian	2020-12-25 15:19:44 +0000
committer	Bruce Momjian	2020-12-25 15:19:44 +0000
commit	978f869b992f9fca343e99d6fdb71073c76e869a (patch)
tree	b8020240551aa16da5b4fc9fbf96710de2d667e4 /doc/src/sgml/postgres.sgml
parent	5c31afc49d0b62b357218b6f8b01782509ef8acd (diff)