GitHub user wsg314 added a comment to the discussion: How to rotate KEK in cloudberry cluster?
<para> Cluster file encryption uses two levels of encryption — an upper key which encrypts lower-level keys. The upper-level key is often referred to as a Key Encryption Key (<acronym>KEK</acronym>). This key is <emphasis>not</emphasis> stored in the file system, but provided at <command>initdb</command> time and each time the server is started. This key can be easily changed via <command>pg_alterckey</command> without requiring any changes to the the data files or <command>WAL</command> files. </para> from datebase-encryption.sgml Can we support to rorate KEK by using pg_alterckey ? I have read the code of pg_alterckey, it can only change KEK in one node(master or segment). Is there any way to change KEK in whole cluster ? GitHub link: https://github.com/apache/cloudberry/discussions/1352#discussioncomment-14360787 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
