From 1252429ca721065c0b4df123c82293711eeb22a3 Mon Sep 17 00:00:00 2001 From: Anastasia Alexadrova Date: Wed, 20 Mar 2024 11:47:42 +0100 Subject: [PATCH] Tech-preview-release-notes --- .github/workflows/doc-build.yaml | 2 +- documentation/docs/index.md | 2 ++ .../docs/release-notes/tech-preview.md | 34 +++++++++++++++++++ documentation/mkdocs.yml | 4 +-- 4 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 documentation/docs/release-notes/tech-preview.md diff --git a/.github/workflows/doc-build.yaml b/.github/workflows/doc-build.yaml index e40fa34f..eedc5931 100644 --- a/.github/workflows/doc-build.yaml +++ b/.github/workflows/doc-build.yaml @@ -51,7 +51,7 @@ jobs: cd documentation mike deploy main -p mike set-default main -p - mike retitle main "MVP" -p + mike retitle main "Tech preview" -p # - name: Install Node.js 14.x diff --git a/documentation/docs/index.md b/documentation/docs/index.md index 248b9377..d964f6bf 100644 --- a/documentation/docs/index.md +++ b/documentation/docs/index.md @@ -6,6 +6,8 @@ This is the MVP version of the extension and is not meant for production use yet. +[What's new](release-notes/tech-preview.md){.md-button} + ## What's encrypted `pg_tde` encrypts the following: diff --git a/documentation/docs/release-notes/tech-preview.md b/documentation/docs/release-notes/tech-preview.md new file mode 100644 index 00000000..16cb5454 --- /dev/null +++ b/documentation/docs/release-notes/tech-preview.md 
@@ -0,0 +1,34 @@ +# pg_tde technical preview release notes (2024-03-28) + +`pg_tde` extension brings in [Transparent Data Encryption (TDE)](tde.md) to PostgreSQL and enables you to keep sensitive data safe and secure. + +[Get started](../install.md){.md-button} + +## Release Highlights + +The technical preview of the extension introduces the following key features: + +* You can now rotate master keys used for data encryption. This reduces the risk of long-term exposure to potential attacks and helps you comply with security standards such as GDPR, HIPAA, and PCI DSS. + +* You can now configure encryption differently for each database. For example, encrypt specific tables in some databases with different encryption keys while keeping others non-encrypted. + +* Keyring configuration has undergone several improvements, namely: + + * You can define separate keyring configuration for each database + * You can change keyring configuration dynamically, without having to restart the server + * The keyring configuration is now stored in a catalog separately for each database, instead of a configuration file + * Avoid storing secrets in the unencrypted catalog by configuring keyring parameters to be read from external sources (file, http(s) request). + +## Improvements + +* Renamed the repository and Docker image from `postgres-tde-ext` to `pg_tde`. The extension name remains unchanged. +* Changed the Initialization Vector (IV) calculation of both the data and internal keys + +## Bugs fixed + +* Fixed toast related crashes +* Fixed a crash with the DELETE statement +* Fixed performance-related issues +* Fixed a bug where `pg_tde` sent many 404 requests to the Vault server +* Fixed сompatibility issues with old OpenSSL versions +* Fixed сompatibility with old Curl versions \ No newline at end of file diff --git a/documentation/mkdocs.yml b/documentation/mkdocs.yml index 9181c917..06c3bb00 100644 --- a/documentation/mkdocs.yml +++ b/documentation/mkdocs.yml 
@@ -125,8 +125,8 @@ nav: - "Install": "install.md" - "Set up": "setup.md" - Test TDE: "test.md" - - How to: - - Configure streaming replication: replication.md + - Release notes: + - "pg_tde tech preview": release-notes/tech-preview.md - uninstall.md - contribute.md
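Review bot: In documentation/docs/index.md, the unchanged line directly above the new button still reads "This is the MVP version of the extension and is not meant for production use yet.", while the same patch retitles the published version from "MVP" to "Tech preview" in doc-build.yaml. Update that sentence to say "technical preview" in this commit so that the landing page, the version label and the release notes all name the release the same way.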
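Review bot: In documentation/docs/release-notes/tech-preview.md, the intro link `[Transparent Data Encryption (TDE)](tde.md)` is relative to the release-notes/ directory, whereas the "Get started" button two lines below uses `../install.md`. Unless a tde.md is also being added under release-notes/, this should be `../tde.md`. Under "Improvements", the item "Changed the Initialization Vector (IV) calculation of both the data and internal keys" does not say whether data encrypted with the earlier build stays readable after upgrading; for an encryption extension that is the first thing a reader will ask, so add a sentence on upgrade impact. Smaller points: the "c" in "сompatibility" in the last two "Bugs fixed" items appears to be a Cyrillic letter, which breaks search and spell-checking; the fourth keyring sub-item ("Avoid storing secrets ...") is an imperative while its three siblings start with "You can" or "The keyring configuration"; and the file has no trailing newline.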
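Review bot: In documentation/mkdocs.yml, this hunk removes the "How to" section and its only entry, `Configure streaming replication: replication.md`, from the nav, which the subject "Tech-preview-release-notes" does not mention. If replication.md still exists, it will remain in the docs tree but become unreachable from the navigation; if the removal is intended, do it in a separate commit or state it in the commit message. Otherwise keep the two "How to" lines and add the "Release notes" section alongside them.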