Documentation updates for variables/tools and a few other things #108
Conversation
| ### Usage | ||
|
|
||
| ``` | ||
| pg_tde_change_key_provider [-D <datadir>] <dbOid> <provider_name> <new_provider_type> <provider_parameters...> |
There was a problem hiding this comment.
I think we also need to explain dbOid
There was a problem hiding this comment.
Agreed, I also thought the same thing while reading through it.
|
|
||
| A `boolean` variable controlling if creation of new not encrypted tables is enabled or not. | ||
|
|
||
| This can be set at global, database, user or session level, but changing the value requires superuser permissions. |
There was a problem hiding this comment.
What does the user level mean?
There was a problem hiding this comment.
Postgres allow GUC variables on multiple levels:
- Global
- Per database (set for specific databases)
- Per user (set for specific users)
- Per session (set for the current session)
|
|
||
| The default value is false. | ||
| * global - for the entire PostgreSQL cluster | ||
| * database - for the current database |
There was a problem hiding this comment.
for specific databases
There was a problem hiding this comment.
How to know what databases is it set for?
There was a problem hiding this comment.
We don't have to know, it's managed by postgres: https://www.postgresql.org/docs/current/sql-alterdatabase.html
It's the ALTER DATABASE ... SET variable = value; syntax.
There was a problem hiding this comment.
This is also why I didn't write a too detailed description about it. This is a common postgresql concept for most GUC variables, we shouldn't have to explain it to anybody familiar with postgres.
|
|
||
| Once `pg_tde` is removed from the `shared_preload_libraries`, reading any leftover encrypted files will fail. Removing the extension from the `shared_preload_libraries` is also possible if the extension is still installed in some databases. | ||
|
|
||
| Make sure to only do this if the server has no encrypted files in its data directory. | ||
|
|
||
| 4. Start or restart the `postgresql` cluster to apply the changes. |
There was a problem hiding this comment.
Shouldn't this now be item 5. instead of 4. twice?
|
|
||
| ### Usage | ||
|
|
||
| To modify the key provider configuration, specify all parameters depending on the provider type, in the same way as you do when using the [`pg_tde_change_key_provider_<type>`](fucntions.md#change-an-existing-provider) SQL functions. |
There was a problem hiding this comment.
| To modify the key provider configuration, specify all parameters depending on the provider type, in the same way as you do when using the [`pg_tde_change_key_provider_<type>`](fucntions.md#change-an-existing-provider) SQL functions. | |
| To modify the key provider configuration, specify all parameters depending on the provider type in the same way as you do when using the [`pg_tde_change_key_provider_<type>`](fucntions.md#change-an-existing-provider) SQL functions. |
I think no need for a comma here
| ## pg_checksums | ||
|
|
||
| `pg_checksums` is not able to calculate checksums for encrypted files. | ||
| It skips encrypted files, and reports this in the output. |
There was a problem hiding this comment.
| It skips encrypted files, and reports this in the output. | |
| It skips encrypted files and reports this in the output. |
No need for a comma here
|
|
||
| Once `pg_tde` is removed from the `shared_preload_libraries`, reading any leftover encrypted files will fail. Removing the extension from the `shared_preload_libraries` is also possible if the extension is still installed in some databases. | ||
|
|
||
| Make sure to only do this if the server has no encrypted files in its data directory. |
There was a problem hiding this comment.
| Make sure to only do this if the server has no encrypted files in its data directory. | |
| Make sure to do this only if the server has no encrypted files in its data directory. |
Co-authored-by: Andrew Pogrebnoi <[email protected]>
No description provided.