CREATE EXTENSION IF NOT EXISTS pg_tde;

SELECT extname, extversion FROM pg_extension WHERE extname = 'pg_tde';

CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;

psql:<stdin>:1: ERROR: principal key not configured

HINT: create one using pg_tde_set_key before using encrypted tables

-- server restart

SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');

SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault');

CREATE TABLE test_enc(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING tde_heap;

INSERT INTO test_enc (k) VALUES ('foobar'),('barfoo');

SELECT * FROM test_enc ORDER BY id ASC;

-- server restart

SELECT * FROM test_enc ORDER BY id ASC;

TABLEFILE FOUND: yes

CONTAINS FOO (should be empty):

HINT: create one using pg_tde_set_key before using encrypted tables

-- server restart

SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');

SELECT pg_tde_add_database_key_provider_file('file-2','/tmp/pg_tde_test_keyring_2.per');

SELECT pg_tde_add_global_key_provider_file('file-2','/tmp/pg_tde_test_keyring_2g.per');

SELECT pg_tde_add_global_key_provider_file('file-3','/tmp/pg_tde_test_keyring_3.per');

SELECT pg_tde_list_all_database_key_providers();

SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault');

CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;

INSERT INTO test_enc (k) VALUES (5),(6);

SELECT * FROM test_enc ORDER BY id ASC;

SELECT pg_tde_set_key_using_database_key_provider('rotated-key1');

SELECT * FROM test_enc ORDER BY id ASC;

-- server restart

SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();

SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();

psql:<stdin>:1: ERROR: Principal key does not exists for the database

HINT: Use set_key interface to set the principal key

SELECT * FROM test_enc ORDER BY id ASC;

SELECT pg_tde_set_key_using_database_key_provider('rotated-key2','file-2');

SELECT * FROM test_enc ORDER BY id ASC;

-- server restart

SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();

SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();

psql:<stdin>:1: ERROR: Principal key does not exists for the database

HINT: Use set_key interface to set the principal key

SELECT * FROM test_enc ORDER BY id ASC;

SELECT pg_tde_set_key_using_global_key_provider('rotated-key', 'file-3', false);

SELECT * FROM test_enc ORDER BY id ASC;

-- server restart

SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();

SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();

psql:<stdin>:1: ERROR: Principal key does not exists for the database

HINT: Use set_key interface to set the principal key

SELECT * FROM test_enc ORDER BY id ASC;

SELECT pg_tde_set_key_using_global_key_provider('rotated-keyX', 'file-2', false);

SELECT * FROM test_enc ORDER BY id ASC;

-- server restart

SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();

SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();

psql:<stdin>:1: ERROR: Principal key does not exists for the database

HINT: Use set_key interface to set the principal key

SELECT * FROM test_enc ORDER BY id ASC;

ALTER SYSTEM SET pg_tde.inherit_global_providers = OFF;

-- server restart

SELECT pg_tde_set_key_using_global_key_provider('rotated-keyX2', 'file-2', false);

psql:<stdin>:1: ERROR: Usage of global key providers is disabled. Enable it with pg_tde.inherit_global_providers = ON

SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();

SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();

psql:<stdin>:1: ERROR: Principal key does not exists for the database

HINT: Use set_key interface to set the principal key

SELECT pg_tde_set_key_using_database_key_provider('rotated-key2','file-2');

SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();

SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();

psql:<stdin>:1: ERROR: Principal key does not exists for the database

HINT: Use set_key interface to set the principal key

CREATE EXTENSION IF NOT EXISTS pg_tde;

SELECT pg_tde_add_database_key_provider_file('file-provider', json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8888/hello' ));

SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-provider');

CREATE TABLE test_enc2(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;

INSERT INTO test_enc2 (k) VALUES (5),(6);

SELECT * FROM test_enc2 ORDER BY id ASC;

-- server restart

SELECT * FROM test_enc2 ORDER BY id ASC;

DROP TABLE test_enc2;

DROP EXTENSION pg_tde;

CREATE EXTENSION IF NOT EXISTS pg_tde;

SELECT pg_tde_add_database_key_provider_file('file-provider', json_object( 'type' VALUE 'file', 'path' VALUE '/tmp/datafile-location' ));

SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-provider');

CREATE TABLE test_enc1(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;

INSERT INTO test_enc1 (k) VALUES (5),(6);

SELECT * FROM test_enc1 ORDER BY id ASC;

-- server restart

SELECT * FROM test_enc1 ORDER BY id ASC;

DROP TABLE test_enc1;

DROP EXTENSION pg_tde;

CREATE EXTENSION IF NOT EXISTS pg_tde;

SELECT pg_tde_add_database_key_provider_vault_v2('vault-provider', json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8889/token' ), json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8889/url' ), to_json('secret'::text), NULL);

SELECT pg_tde_set_key_using_database_key_provider('test-db-key','vault-provider');

CREATE TABLE test_enc2(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;

INSERT INTO test_enc2 (k) VALUES (5),(6);

SELECT * FROM test_enc2 ORDER BY id ASC;

-- server restart

SELECT * FROM test_enc2 ORDER BY id ASC;

DROP TABLE test_enc2;

DROP EXTENSION pg_tde;