Merge pull request #214 from dAdAbird/xlog_key_mgmt
Add key management for WAL

Make the *.map *.dat processing code aware of custom databases and
table spaces

Add XLog GUC and init the keyring based on that. Only FS for now

Make the internal/external key infrastructure work with custom
(not stored in the database) keyrings.

Check and create an internal key for XLog during the server start.
If the key is created (not the first start with the EncryptWAL), then
upload it into the cache. We can't read the key from files while
writing the XLog to the disk as it happens in the critical section and
no palloc is allowed.

Create a custom cache for the global catalog external key as we can't
use PG's hashmap during the (again, no pallocs in critical section).

During the server start, when pg_tde module is loading and it needs to
read *.map, *.dat files, InitFileAccess is yet to be called, hence Vfd
isn't ready to use. The same is going to happen during recovery. So use raw
pread/pwrite calls instead.
dAdAbird authored Jun 25, 2024
2 parents dfb9b8d + d4181b6 commit a670e46
Showing 17 changed files with 742 additions and 310 deletions.
1 change: 1 addition & 0 deletions Makefile.in
Expand Up @@ -40,6 +40,7 @@ src/keyring/keyring_curl.o \
src/keyring/keyring_file.o \
src/keyring/keyring_vault.o \
src/keyring/keyring_api.o \
src/catalog/tde_global_catalog.o \
src/catalog/tde_keyring.o \
src/catalog/tde_master_key.o \
src/common/pg_tde_shmem.o \
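Review bot: the src/catalog/tde_global_catalog.o entry in this object list is maintained by hand and has to be mirrored as 'src/catalog/tde_global_catalog.c' in meson.build, otherwise one of the two builds links without the WAL key code. Both lists are updated in this commit, so nothing is broken, but a short comment above the list pointing at meson.build would make the next addition harder to get wrong.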
1 change: 1 addition & 0 deletions meson.build
Expand Up @@ -40,6 +40,7 @@ pg_tde_sources = files(

'src/smgr/pg_tde_smgr.c',

'src/catalog/tde_global_catalog.c',
'src/catalog/tde_keyring.c',
'src/catalog/tde_master_key.c',
'src/common/pg_tde_shmem.c',
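Review bot: the 'src/catalog/tde_global_catalog.c' entry added to pg_tde_sources brings in code that, per the commit message, runs under two unusual constraints: no palloc while the XLog is written in the critical section, and raw pread/pwrite on the *.map and *.dat files because InitFileAccess has not been called yet at module load and during recovery. Nothing in the build lists signals that, so if the new file does not already state both constraints in its header comment, please add them there so later changes do not reintroduce palloc or Vfd calls on these paths.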