Encrypt relation's Internal Key in XLog #97
Conversation
src/access/pg_tde_tdemap.c
Outdated
| } | ||
| if(master_key_info == NULL) | ||
| { | ||
| ereport(ERROR, |
There was a problem hiding this comment.
Incorrect indentation - it's already there in the original, but now that we move it, it's a good time to fix it
src/access/pg_tde_tdemap.c
Outdated
| @@ -394,6 +398,9 @@ pg_tde_xlog_create_fork(XLogReaderState *record) | |||
| char *rec = XLogRecGetData(record); | |||
| RelFileLocator rlocator; | |||
| InternalKey int_key = {0}; | |||
| InternalKey int_key_enc = {0}; | |||
| uint8 mkey_len; | |||
There was a problem hiding this comment.
seems like another indentation issue?
src/access/pg_tde_tdemap.c
Outdated
| @@ -347,6 +330,27 @@ pg_tde_get_key_file_path(const RelFileLocator *newrlocator) | |||
| return key_file_path; | |||
| } | |||
|
|
|||
| void | |||
| pg_tde_decrypt_internal_key(const InternalKey *in, InternalKey *out, const char *MasterKeyName) | |||
There was a problem hiding this comment.
MasterKeyName also seems inconsistent with the other variable/argument names
|
I reckoned it make sense to run |
|
@dAdAbird pgIndent is a good idea, but could we do it in a separate PR instead? Maybe even on the entire code? With this now, if you squash and merge, we'll end up with lots of formatting changes and some logic changes in a single commit. |
XLog record with its Internal Key for replication purposes. This commit makes this Key encrypted with the master key. Therefore we have to add also a master key name to XLog. That also means that standbys should have access to the very same master key as the primary. Fix percona#56
dAdAbird
force-pushed
the
xlog_enc_intKey
branch
from
674bf4f to
e0ca0fa
Compare
|
@dutow I rearranged commits so there are two now - changes and formatting - so we can merge this PR instead of squashing |
dAdAbird
force-pushed
the
xlog_enc_intKey
branch
from
e0ca0fa to
9e699be
Compare
XLog record with its Internal Key for replication purposes. This commit makes this Key encrypted with the master key. Therefore we have to add also a master key name to XLog. That also means that standbys should have access to the very same master key as the primary.
Fix #56