You can configure `pg_tde` to use OpenBao as a global key provider for managing encryption keys securely.
4
+
5
+
!!! note
6
+
This guide assumes that your OpenBao server is already set up and accessible. OpenBao configuration is outside the scope of this document, see [OpenBao's official documentation](https://openbao.org/docs/) for more information.
7
+
8
+
## Example usage
9
+
10
+
To register an OpenBao server as a global key provider:
11
+
12
+
```sql
13
+
SELECT pg_tde_add_global_key_provider_vault_v2(
14
+
'provider-name',
15
+
'url',
16
+
'mount',
17
+
'secret_token_path',
18
+
'ca_path'
19
+
);
20
+
```
21
+
22
+
## Parameter descriptions
23
+
24
+
*`provider-name` is the name to identify this key provider
25
+
*`secret_token_path` is a path to the file that contains an access token with read and write access to the above mount point
26
+
*`url` is the URL of the Vault server
27
+
*`mount` is the mount point where the keyring should store the keys
28
+
*[optional]`ca_path` is the path of the CA file used for SSL verification
29
+
30
+
The following example is for testing purposes only. Use secure tokens and proper SSL validation in production environments:
31
+
32
+
```sql
33
+
SELECT pg_tde_add_global_key_provider_vault_v2(
34
+
'my-openbao-provider',
35
+
'https://openbao.example.com:8200',
36
+
'secret/data',
37
+
'/path/to/token_file',
38
+
'/path/to/ca_cert.pem'
39
+
);
40
+
```
41
+
42
+
For more information on related functions, see the link below:
43
+
44
+
[Percona pg_tde Function Reference](../functions.md){.md-button}
45
+
46
+
## Next steps
47
+
48
+
[Global Principal Key Configuration :material-arrow-right:](set-principal-key.md){.md-button}
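Review bot: In the parameter descriptions, `ca_path` is marked [optional] but the text never says what happens to TLS verification when it is omitted, and the sentence introducing the second example calls it "for testing purposes only" although that call passes an https URL and a CA file, so a reader cannot tell which part is unsafe for production. State the behaviour when `ca_path` is left out (system trust store or no verification) and name what makes the example test-only. The list also does not follow the argument order of the call above it: `secret_token_path` comes second and refers to "the above mount point" before `mount` is described, and the `url` bullet says "Vault server" on a page about OpenBao. Reorder to provider-name, url, mount, secret_token_path, ca_path and say "OpenBao server".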