| author | Bruce Momjian | 2020-12-25 15:19:44 +0000 |
|---|---|---|
| committer | Bruce Momjian | 2020-12-25 15:19:44 +0000 |
| commit | 978f869b992f9fca343e99d6fdb71073c76e869a | |
| tree | b8020240551aa16da5b4fc9fbf96710de2d667e4 /src/backend/main | |
| parent | 5c31afc49d0b62b357218b6f8b01782509ef8acd | |
Add key management system
This adds a key management system that stores (currently) two data
encryption keys of length 128, 192, or 256 bits. The data keys are
AES256 encrypted using a key encryption key, and validated via GCM
cipher mode. A command to obtain the key encryption key must be
specified at initdb time, and will be run at every database server
start. New parameters allow a file descriptor open to the terminal to
be passed. pg_upgrade support has also been added.
Discussion: https://postgr.es/m/CA+fd4k7q5o6Nc_AaX6BcYM9yqTbC6_pnH-6nSD=54Zp6NBQTCQ@mail.gmail.com
Discussion: https://postgr.es/m/[email protected]
Author: Masahiko Sawada, me, Stephen Frost
Diffstat (limited to 'src/backend/main')
| -rw-r--r-- | src/backend/main/main.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/backend/main/main.c b/src/backend/main/main.c index b6e51288326..19aa502614e 100644 --- a/src/backend/main/main.c +++ b/src/backend/main/main.c @@ -324,6 +324,7 @@ help(const char *progname) #endif printf(_(" -N MAX-CONNECT maximum number of allowed connections\n")); printf(_(" -p PORT port number to listen on\n")); + printf(_(" -R fd prompt for the cluster key\n")); printf(_(" -s show statistics after each query\n")); printf(_(" -S WORK-MEM set amount of memory for sorts (in kB)\n")); printf(_(" -V, --version output version information, then exit\n")); @@ -351,7 +352,9 @@ help(const char *progname) printf(_("\nOptions for bootstrapping mode:\n")); printf(_(" --boot selects bootstrapping mode (must be first argument)\n")); printf(_(" DBNAME database name (mandatory argument in bootstrapping mode)\n")); + printf(_(" -K LEN enable cluster file encryption with specified key length\n")); printf(_(" -r FILENAME send stdout and stderr to given file\n")); + printf(_(" -u DATADIR copy encryption keys from datadir\n")); printf(_(" -x NUM internal use\n")); printf(_("\nPlease read the documentation for the complete list of run-time\n" |
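Review bot: In the first hunk (help(), around line 324), the new `-R fd` line uses a lowercase placeholder while every neighbouring option uses an uppercase metavariable (`MAX-CONNECT`, `PORT`, `WORK-MEM`), and the description "prompt for the cluster key" never says what the argument is. The commit message describes it as a file descriptor open to the terminal; the help text should say so, for example `-R FD` with wording along the lines of "file descriptor of the terminal used to prompt for the cluster key", so an operator reading `--help` does not have to guess that an already-open descriptor is expected.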
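Review bot: In the second hunk (bootstrapping options, around line 352), `-K LEN` gives no unit and no accepted values, although the commit message limits key lengths to 128, 192, or 256 bits; the nearby `-S WORK-MEM` line states its unit "(in kB)", and this line should do the same, e.g. "key length in bits (128, 192, or 256)". On the `-u DATADIR` line the description says "copy encryption keys from datadir" in lowercase instead of referring to the `DATADIR` placeholder, and it does not say which data directory is meant; since this option moves key material between directories, the text should name the source explicitly.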
