Merge pull request #6362 from EnterpriseDB/docs/edits_to_tde_pr6351

Edits to TDE: tutorials to enable data wrapper and provide passphrase…
EnterpriseDB · Dec 20, 2024 · 327dc68 · 327dc68 · github-actions · Dec 20, 2024
2 parents 4b13db9 + 9a626df
commit 327dc68
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/product_docs/docs/tde/15/enabling/enabling_key_wrapper.mdx b/product_docs/docs/tde/15/enabling/enabling_key_wrapper.mdx
@@ -7,15 +7,15 @@ If you want to enable key wrapping on TDE-enabled database clusters where key wr
 
 ## Context 
 
-When you create a TDE-enabled database cluster, `initdb` generates a data encryption key and stores it in `pg_encryption/key.bin`. Since this file is stored in plaintext, TDE requires an additional mechanism to [secure the data encryption key](../secure_key/). You normally configure the protection of the key as you initialize your TDE-enabled database cluster.
+When you create a TDE-enabled database cluster, initdb generates a data encryption key and stores it in `pg_encryption/key.bin`. Since this file is stored in plaintext, TDE requires an additional mechanism to [secure the data encryption key](../secure_key/). You normally configure the protection of the key as you initialize your TDE-enabled database cluster.
 
-However, you can chose to [disable key wrapping](../secure_key/disabling_key) for your data encryption key. Although this setup is not recommended, you might have chosen to leave your key unprotected to facilitate managing the cluster for testing or demo purposes.
+However, you can choose to [disable key wrapping](../secure_key/disabling_key) for your data encryption key. Although we don't recommend this setup, you might have left your key unprotected to facilitate managing the cluster for testing or demo purposes.
 
-If you disabled key wrapping, but later decide to enable a mechanism that secures your encryption key, you can enable it at a later time, by updating the encryption settings in the `postgresql.conf` file.
+If you disabled key wrapping but later decide to enable a mechanism that secures your encryption key, you can enable it later by updating the encryption settings in the `postgresql.conf` file.
 
 ## Enable key wrapping with a passphrase
 
-This example walks you through adding a passphrase-based protection mechanism or key wrapping to your data encryption key (`key.bin`).
+This example shows you how to add a passphrase-based protection mechanism or key wrapping to your data encryption key (`key.bin`).
 
 1.  Store the passphrase in a file accessible by initdb named `pass.bin`:
 

diff --git a/product_docs/docs/tde/15/secure_key/passphrase.mdx b/product_docs/docs/tde/15/secure_key/passphrase.mdx
@@ -44,12 +44,12 @@ You also need an entry like in `/etc/sudoers`:
 postgres ALL = NOPASSWD: /usr/bin/systemd-ask-password
 ```
 
-## Providing the passphrase through a file
+## Providing the passphrase using a file
 
-Another way to simplify operations is to store the passphrase in plaintext, so you can reference the file containing the passphrase when securing the data encryption files.
+Another way to simplify operations is to store the passphrase in plaintext so you can reference the file containing the passphrase when securing the data encryption files.
 
 !!!important
-   You should only use this method for testing or demonstration purposes. Don't store your passphrase in a plaintext file for production environments.
+   Use this method only for testing or demonstration purposes. Don't store your passphrase in a plaintext file in a production environment.
 !!!
 
 1.  Store the passphrase in a file accessible by initdb named `pass.bin`: