-
Notifications
You must be signed in to change notification settings - Fork 19
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
38dc9ca
commit 1252429
Showing
4 changed files
with
39 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| # pg_tde technical preview release notes (2024-03-28) | ||
|
|
||
| `pg_tde` extension brings in [Transparent Data Encryption (TDE)](tde.md) to PostgreSQL and enables you to keep sensitive data safe and secure. | ||
|
|
||
| [Get started](../install.md){.md-button} | ||
|
|
||
| ## Release Highlights | ||
|
|
||
| The technical preview of the extension introduces the following key features: | ||
|
|
||
| * You can now rotate master keys used for data encryption. This reduces the risk of long-term exposure to potential attacks and helps you comply with security standards such as GDPR, HIPAA, and PCI DSS. | ||
|
|
||
| * You can now configure encryption differently for each database. For example, encrypt specific tables in some databases with different encryption keys while keeping others non-encrypted. | ||
|
|
||
| * Keyring configuration has undergone several improvements, namely: | ||
|
|
||
| * You can define separate keyring configuration for each database | ||
| * You can change keyring configuration dynamically, without having to restart the server | ||
| * The keyring configuration is now stored in a catalog separately for each database, instead of a configuration file | ||
| * Avoid storing secrets in the unencrypted catalog by configuring keyring parameters to be read from external sources (file, http(s) request). | ||
|
|
||
| ## Improvements | ||
|
|
||
| * Renamed the repository and Docker image from `postgres-tde-ext` to `pg_tde`. The extension name remains unchanged. | ||
| * Changed the Initialization Vector (IV) calculation of both the data and internal keys | ||
|
|
||
| ## Bugs fixed | ||
|
|
||
| * Fixed toast related crashes | ||
| * Fixed a crash with the DELETE statement | ||
| * Fixed performance-related issues | ||
| * Fixed a bug where `pg_tde` sent many 404 requests to the Vault server | ||
| * Fixed сompatibility issues with old OpenSSL versions | ||
| * Fixed сompatibility with old Curl versions |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters