Merge pull request #6128 from EnterpriseDB/release-2024-10-04a

Release 2024-10-04a
EnterpriseDB · Oct 4, 2024 · 3dab563 · 3dab563 · github-actions · Oct 4, 2024
2 parents 342b7f4 + 09bf9a2
commit 3dab563
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 12 deletions.
diff --git a/...cs/supported-open-source/barman/single-server-streaming/step02-backup-setup.mdx b/...cs/supported-open-source/barman/single-server-streaming/step02-backup-setup.mdx
@@ -103,13 +103,18 @@ In order for Barman to connect via the user specified, we'll need to add the pas
 
 ```shell
 cat <<'EOF' >>~/.pgpass
-pg:*:*:barman:example-password
-pg:*:*:streaming_barman:example-password
+pg:5432:*:barman:example-password
+pg:5432:replication:streaming_barman:example-password
 EOF
 chmod 0600 ~/.pgpass
 ```
+Each line in the `.pgpass` file needs to follow below format:
+```
+[db_host]:[db_port]:[db_name]:[db_user]:[db_password]
+```
+The database name [db_name] for the barman streaming user must be `replication`
 
-Note the change in permissions - this is necessary to protect the visibility of the file, and PostgreSQL will not use it unless permissions are restricted.
+**Note the change in permissions** - this is necessary to protect the visibility of the file. PostgreSQL won't use it unless permissions are restricted.
 
 !!! Tip Further reading
     For more details on configuration files, see: [the Configuration section in the Barman guide](http://docs.pgbarman.org/release/2.12/#configuration).

diff --git a/product_docs/docs/tde/15/key_stores.mdx b/product_docs/docs/tde/15/key_stores.mdx
@@ -1,5 +1,7 @@
 ---
 title: Securing the data encryption key
+description: Learn how to secure your data with an encryption key.
+deepToC: true
 ---
 
 
@@ -61,16 +63,17 @@ postgres ALL = NOPASSWD: /usr/bin/systemd-ask-password
 You can use the key store in an external key management system to manage the data encryption key. The tested and supported key stores are:
 
 - Amazon AWS Key Management Service (KMS)
+- Microsoft Azure Key Vault
 - Google Cloud - Cloud Key Management Service
 - HashiCorp Vault (KMIP Secrets Engine and Transit Secrets Engine)
-- Microsoft Azure Key Vault
 - Thales CipherTrust Manager
+- Fortanix Data Security Manager
 
-
+To use one of the available key stores, see the configuration examples.
 
 ### AWS Key Management Service example
 
-Create a key with AWS Key Management Service:
+Create a key with [AWS Key Management Service](https://docs.aws.amazon.com/kms/):
 
 ```shell
 aws kms create-key
@@ -88,7 +91,7 @@ PGDATAKEYUNWRAPCMD='aws kms decrypt --key-id alias/pg-tde-master-1 --ciphertext-
 
 ### Azure Key Vault example
 
-Create a key with Azure Key Vault:
+Create a key with [Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/):
 
 ```shell
 az keyvault key create --vault-name pg-tde --name pg-tde-master-1
@@ -105,7 +108,7 @@ PGDATAKEYUNWRAPCMD='az keyvault key decrypt --name pg-tde-master-1 --vault-name
 
 ### Google Cloud KMS example
 
-Create a key with Google Cloud KMS:
+Create a key with [Google Cloud KMS](https://cloud.google.com/kms/docs):
 
 ```shell
 gcloud kms keys create pg-tde-master-1 --location=global --keyring=pg-tde --purpose=encryption
@@ -120,17 +123,29 @@ PGDATAKEYUNWRAPCMD='gcloud kms decrypt --plaintext-file=- --ciphertext-file=%p -
 
 ### HashiCorp Vault Transit Secrets Engine example
 
+Enable transit with [HashiCorp Vault Transit Secrets Engine](https://developer.hashicorp.com/vault/docs):
+
 ```shell
-# enable once
 vault secrets enable transit
+```
+
+Create a key and give it a name:
 
-# create a key (pick a name)
+```shell
 vault write -f transit/keys/pg-tde-master-1
+```
+
+Use the `vault write` command with the `pg-tde-master-1` key to wrap and unwrap the data encryption key:
 
+```
 PGDATAKEYWRAPCMD='base64 | vault write -field=ciphertext transit/encrypt/pg-tde-master-1 plaintext=- > %p'
 PGDATAKEYUNWRAPCMD='vault write -field=plaintext transit/decrypt/pg-tde-master-1 ciphertext=- < %p | base64 -d'
 ```
 
+### Fortanix Data Security Manager example 
+
+See [Using Fortanix Data Security Manager with EDB Postgres for TDE](https://support.fortanix.com/docs/using-fortanix-data-security-manager-with-edb-postgres-for-tde) for a step-by-step configuration tutorial.
+
 ## Key rotation
 
 To change the master key, manually run the unwrap command specifying the old key. Then feed the result into the wrap command specifying the new key. Equivalently, if the data key is protected by a passphrase, to change the passphrase, run the unwrap command using the old passphrase. Then feed the result into the wrap command using the new passphrase. You can perform these operations while the database server is running. The wrapped data key in the file is used only on startup. It isn't used while the server is running.

diff --git a/src/constants/updates.js b/src/constants/updates.js
@@ -7,7 +7,7 @@ export const updates = [
     description:
       "LiveCompare 3.0 is now available with improved performance, easier to configure Oracle support, and enhanced documentation. ",
     url: "/livecompare/latest/",
-    moreUrl: "/livecompare/latest/rel_notes/3.0_rel_notes/",
+    moreUrl: "/livecompare/latest/rel_notes/3.0.1_rel_notes/",
   },
   {
     title: "Trusted Postgres Architect 23.34",
@@ -16,7 +16,6 @@ export const updates = [
       "TPA 23.34 includes enhanced support for EFM, PEM and pgBouncer, and a new output plugin which improves readability of TPA progress.",
     url: "/tpa/latest/",
     moreUrl: "/tpa/latest/rel_notes/tpa_23.34_rel_notes/",
-
   },
   {
     title: "EDB Postgres Enterprise Manager 9.7",