Created new Thales KMIP topic for TDE #370

Draft
wants to merge 1 commit into
base: TDE_REL_17_STABLE
@@ -0,0 +1,28 @@
# Thales KMIP Server Configuration

To use the Python library pykmip for cryptographic operations with Thales CipherTrust Manager, see Using pykmip in the Implementing Thales CipherTrust Manager documentation for instructions. pykmip is a Python library that implements the KMIP industry standard for key management operations.
Collaborator

pykmip has nothing to do with thales


https://www.enterprisedb.com/docs/partner_docs/ThalesCipherTrustManager/
https://www.enterprisedb.com/docs/partner_docs/ThalesCipherTrustManager/05-UsingThalesCipherTrustManager/

## Recommended Configuration Steps

1.
2.
3.

## Example Configuration SQL

```sql
SELECT pg_tde_add_global_key_provider_kmip(
'thales_kmip_provider',
'kmip.thales.local',
Collaborator

it's better to use kmip.example.org or something like that here, that makes it clearer that this is an example domain

5696,
'/path/to/thales-client-cert.pem',
'/path/to/thales-client-key.pem',
'/path/to/thales-ca-cert.pem'
);
```

!!! note
Replace the above paths with the actual certificate locations on your PostgreSQL host.
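
Review bot: The "Recommended Configuration Steps" list in the new kmip-thales.md consists of three empty items (`1.`, `2.`, `3.`), so the page would publish a heading with no procedure under it; fill in the steps or drop the section before this leaves draft. Because the SQL example passes a client private key ('/path/to/thales-client-key.pem'), the note under the example is also a natural place to state that the key file should be readable only by the OS user that runs PostgreSQL. The two bare enterprisedb.com URLs need link text, or should be folded into the sentence that refers to "Using pykmip".
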
Collaborator

not just the paths, the other parameters too

1 change: 1 addition & 0 deletions contrib/pg_tde/documentation/mkdocs.yml
Expand Up @@ -171,6 +171,7 @@ nav:
- "2.1 Configure Key Management (KMS)": global-key-provider-configuration/index.md
- "KMIP Configuration": global-key-provider-configuration/kmip-server.md
- "Vault Configuration": global-key-provider-configuration/vault.md
- "Thales Configuration": global-key-provider-configuration/kmip-thales.md
- "Keyring File Configuration": global-key-provider-configuration/keyring.md
- "2.2 Global Principal Key Configuration": global-key-provider-configuration/set-principal-key.md
- "3. Validate Encryption with pg_tde": test.md
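
Review bot: The new nav entry is labelled "Thales Configuration", but the file it points to is kmip-thales.md and that page is titled "Thales KMIP Server Configuration". A label such as "Thales KMIP Configuration", placed directly after the "KMIP Configuration" entry instead of after Vault, would make it clear that this is a variant of the KMIP provider and not a separate provider type.
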