Releases: Percona-Lab/pg_tde

Alpha 1

16 Apr 09:44
50b55b7

pg_tde release notes

Alpha 1 (2024-03-28)

pg_tde extension brings in Transparent Data Encryption (TDE) to PostgreSQL and enables you to keep sensitive data safe and secure.

Get started

Release Highlights

The technical preview of the extension introduces the following key features:

  • You can now rotate master keys used for data encryption. This reduces the risk of long-term exposure to potential attacks and helps you comply with security standards such as GDPR, HIPAA, and PCI DSS.

  • You can now configure encryption differently for each database. For example, you can encrypt specific tables in some databases with different encryption keys while leaving other tables unencrypted.

  • Keyring configuration has undergone several improvements, namely:

    • You can define separate keyring configuration for each database
    • You can change keyring configuration dynamically, without having to restart the server
    • The keyring configuration is now stored in a catalog separately for each database, instead of a configuration file
    • You can avoid storing secrets in the unencrypted catalog by configuring keyring parameters to be read from external sources (a file or an HTTP(S) request)

Improvements

  • Renamed the repository and Docker image from postgres-tde-ext to pg_tde. The extension name remains unchanged
  • Changed the Initialization Vector (IV) calculation of both the data and internal keys

Bugs fixed

  • Fixed toast related crashes
  • Fixed a crash with the DELETE statement
  • Fixed performance-related issues
  • Fixed a bug where pg_tde sent many 404 requests to the Vault server
  • Fixed compatibility issues with old OpenSSL versions
  • Fixed compatibility with old Curl versions

MVP (2023-12-12)

The Minimum Viable Product (MVP) version introduces the following functionality:

  • Encryption of heap tables, including TOAST
  • Encryption keys are stored either in a HashiCorp Vault server or in a local keyring file (for development)
  • The key storage is configurable via separate JSON configuration files
  • Replication support

HEAD

19 Sep 09:26
5826d48

What's Changed

  • Basic encryption code by @dutow in #2
  • Fix compilation with PGXS by @dAdAbird in #3
  • Remove full tuple encryption by @dAdAbird in #4
  • Adding basic github actions which test different build modes by @dutow in #7
  • Use postgres mem context in decryption by @dAdAbird in #6
  • Code re-arrangement, Makefile fixes and implementing '.tde' relation fork by @codeforall in #5
  • Revert changes in upstream code and use specific commits for CI checks by @dutow in #11
  • Adding infrastructure to clean files based on transaction status by @codeforall in #10
  • Minimal keyring prototype by @dutow in #8
  • Fixing page pruning / compaction crash by @dutow in #15
  • Merge with the latest PG 16 sources as well as addition of the heap_merge.sh tool by @EngineeredVirus in #18
  • Added documentation by @dutow in #17
  • Deleting respective tde fork file with Drop Table by @codeforall in #19
  • Merge current code to main branch by @dutow in #20
  • Fix VACUUM FULL by @dAdAbird in #22
  • Fix compaction of non-presorted tuples by @dAdAbird in #21
  • Uploading pgdg binary package by @dutow in #23

New Contributors

  • @codeforall made their first contribution in #5
  • @EngineeredVirus made their first contribution in #18

Full Changelog: https://github.com/Percona-Lab/postgres-tde-ext/commits/latest