PG-1257 Add function for principal key removal #374

Merged

@artemgavrilov artemgavrilov commented May 28, 2025

https://perconadev.atlassian.net/browse/PG-1257

Add SQL functions that allow the user to remove the principal key.

  • A database-level principal key can be removed if there are no encrypted tables or if there is a default key. In the first case we just drop the key map file completely; in the second we perform key rotation.
  • The default principal key can be removed if there are no databases that use it.

@artemgavrilov artemgavrilov force-pushed the PG-1257-principal-key-remove-feature branch 2 times, most recently from 2849a87 to 179f5d7 Compare May 28, 2025 15:49
@artemgavrilov artemgavrilov force-pushed the PG-1257-principal-key-remove-feature branch from 1392bd7 to 5f91c64 Compare May 28, 2025 16:08
@artemgavrilov artemgavrilov force-pushed the PG-1257-principal-key-remove-feature branch from 5f91c64 to 369410e Compare May 28, 2025 21:09
@artemgavrilov artemgavrilov force-pushed the PG-1257-principal-key-remove-feature branch from 369410e to a18fe38 Compare May 28, 2025 22:16
@artemgavrilov artemgavrilov force-pushed the PG-1257-principal-key-remove-feature branch from a18fe38 to bd88553 Compare May 28, 2025 22:29
@artemgavrilov artemgavrilov force-pushed the PG-1257-principal-key-remove-feature branch from 4c1a316 to 4553814 Compare May 28, 2025 22:56
@artemgavrilov artemgavrilov marked this pull request as ready for review May 28, 2025 22:56
PG_RETURN_VOID();
}

pg_tde_delete_principal_key(MyDatabaseId, true);
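
Review bot: the call `pg_tde_delete_principal_key(MyDatabaseId, true);` at the end of this hunk passes a bare boolean, so a reader cannot tell from the call site what `true` selects. Consider a short comment naming the parameter at the call, or a named constant in place of the literal, so the behaviour of this deletion path is clear without opening the function definition.
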
Collaborator

Does it make sense that we delete the copy of the principal key from the database here? Probably but hmm ...

Collaborator Author

I'm not sure that I understood what confused you.

Collaborator

@jeltz jeltz left a comment

Looks good but I had some minor comments.

Collaborator

@jeltz jeltz left a comment

Looks great!

Collaborator

@Andriciuc Andriciuc left a comment

Looks good, approved!

Re-added the DELETE key function to docs based on 1257 in the Architecture chapter, where we also update from DROP to DELETE.
@artemgavrilov artemgavrilov force-pushed the PG-1257-principal-key-remove-feature branch from 72d5fce to 5df6c58 Compare June 10, 2025 13:20
@artemgavrilov artemgavrilov merged commit 6007180 into TDE_REL_17_STABLE Jun 10, 2025
16 checks passed
@artemgavrilov artemgavrilov deleted the PG-1257-principal-key-remove-feature branch June 10, 2025 13:39