cloud: Premium supports CMEK#22822
Merged
ti-chi-bot[bot] merged 20 commits intopingcap:feature/preview-premiumfrom Apr 29, 2026
Merged
cloud: Premium supports CMEK#22822ti-chi-bot[bot] merged 20 commits intopingcap:feature/preview-premiumfrom
ti-chi-bot[bot] merged 20 commits intopingcap:feature/preview-premiumfrom
Conversation
- Add manual backup feature with key characteristics and creation steps
- Update PITR window to 7 days for premium instances
- Fix Premium naming consistency using {{{ .premium }}} variable
- Remove manual backup limitation note since it's now supported
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Aolin <aolinz@outlook.com>
Add documentation for CMEK (Customer-Managed Encryption Key) and Service-Managed Encryption Key features on TiDB Cloud Premium. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
ti-chi-bot
Bot
added
contribution
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces a new documentation page for Dual-layer Data Encryption on TiDB Cloud Premium, detailing encryption mechanisms, key management options (CMEK and Service-Managed), and procedures for enabling and managing these features. The review feedback provides numerous actionable suggestions to align the content with the style guide, including converting headings to sentence case, correcting punctuation and typos, using template variables consistently, and improving sentence structure for better clarity and conciseness.
| - **Maintain key availability**: Even if you delete the original Premium TiDB instance, the associated KMS master key must remain active to successfully recover the backup data. | ||
| - **Ensure correct authorization**: During a restore operation, you must configure the exact same KMS master key associated with the backup and ensure it has the proper permissions for data access. | ||
|
|
||
| ### Key Management Mechanism |
Contributor
There was a problem hiding this comment.
Use sentence case for headings.
Suggested change
| ### Key Management Mechanism | |
| ### Key management mechanism |
References
- Use sentence case for headings. (link)
Collaborator
|
/cc @Oreoxmt |
Collaborator
|
/assign |
Oreoxmt
added
translation/no-need
ti-chi-bot
Bot
removed
the
missing-translation-status
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
cloud: update Dual-Layer Data Encryption for Premium
Oreoxmt
approved these changes
Apr 29, 2026
ti-chi-bot
Bot
added
lgtm
and removed
needs-1-more-lgtm
Collaborator
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Oreoxmt The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Collaborator
|
/unhold |
ti-chi-bot
Bot
removed
the
do-not-merge/hold
ti-chi-bot
Bot
merged commit 95d48c1
into
pingcap:feature/preview-premium
12 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
First-time contributors' checklist
What is changed, added or deleted? (Required)
added Descriptions about CMEK
Which TiDB version(s) do your changes apply to? (Required)
Tips for choosing the affected version(s):
By default, CHOOSE MASTER ONLY so your changes will be applied to the next TiDB major or minor releases. If your PR involves a product feature behavior change or a compatibility change, CHOOSE THE AFFECTED RELEASE BRANCH(ES) AND MASTER.
For details, see tips for choosing the affected versions.
What is the related PR or file link(s)?
Do your changes match any of the following descriptions?