Closed
64 changes: 0 additions & 64 deletions docs/docker.md
Expand Up @@ -98,70 +98,6 @@ Where:

## Enable encryption

Percona Distribution for PostgreSQL Docker image includes the `pg_tde` extension to provide data encryption. You must explicitly enable it when you start the container. For more information, see the [pg_tde documentation](https://docs.percona.com/pg-tde/index.html).

Follow these steps to enable `pg_tde`:

1. Start the container with the `ENABLE_PG_TDE=1` environment variable:

```{.bash data-prompt="$"}
docker run --name container-name -e ENABLE_PG_TDE=1 -e POSTGRES_PASSWORD=sUpers3cRet -d percona/percona-distribution-postgresql:{{dockertag}}
```

where:

* `container-name` is the name you assign to your container
* `ENABLE_PG_TDE=1` adds the `pg_tde` to the `shared_preload_libraries` and enables the custom storage manager
* `POSTGRES_PASSWORD` is the superuser password

2. Connect to the container and start the interactive `psql` session:

```{.bash data-prompt="$"}
docker exec -it container-name psql
```

??? example "Sample output"

```{.text .no-copy}
psql ({{dockertag}} - Percona Server for PostgreSQL {{dockertag}}.1)
Type "help" for help.

postgres=#
```

3. Create the extension in the database where you want to encrypt data. This requires superuser privileges.

```sql
CREATE EXTENSION pg_tde;
```

4. Configure a key provider with a keyring file. This setup is intended for development and stores the keys unencrypted in the specified data file. The below sample configuration is intended for testing and development purposes.

!!! note
For production use, we **strongly recommend** setting up an external key management store and configure an external key provider. Refer to the [Setup :octicons-link-external-16:](https://docs.percona.com/pg-tde/setup.html#key-provider-configuration) topic in the `pg_tde` documentation.

<i warning>:material-information: Warning:</i> This example is for testing purposes only:

```sql
SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/pg_tde_test_001_basic.per');
```

5. Set the principal key:

```sql
SELECT pg_tde_set_key_using_database_key_provider('test-db-key', 'file-vault');
```

The key is auto-generated. You are ready to use data encryption.

6. Create a table with encryption enabled. Pass the `USING tde_heap` clause to the `CREATE TABLE` command:

```sql
CREATE TABLE <table_name> (<field> <datatype>) USING tde_heap;
```

## Enable encryption

Percona Distribution for PostgreSQL Docker image includes the `pg_tde` extension to provide data encryption. You must explicitly enable it when you start the container.

Here's how to do this:
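
Review bot: The intro paragraph under the second `## Enable encryption` heading has no link to the pg_tde documentation, while the first copy ends with "For more information, see the [pg_tde documentation](https://docs.percona.com/pg-tde/index.html)". With 0 additions and 64 deletions, and the +/- markers lost in this view, the deleted lines look like the first copy of the section, so that sentence should be carried over to the paragraph that stays. The first copy also holds the statement in step 4 that the keyring file stores keys unencrypted, the note recommending an external key provider for production, and the testing-only warning above `pg_tde_add_database_key_provider_file`. The steps after "Here's how to do this:" are collapsed here, so please confirm the remaining section still includes all three before this copy is dropped.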