From 0df472a491b5946adbcaf8e850439ca9e7283d19 Mon Sep 17 00:00:00 2001 From: Betsy Gitelman Date: Wed, 18 Dec 2024 12:45:44 -0500 Subject: [PATCH 1/2] Edits to TDE: improvements and fixes for DOCS-1147 #6342 --- product_docs/docs/tde/15/secure_key/disabling_key.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/product_docs/docs/tde/15/secure_key/disabling_key.mdx b/product_docs/docs/tde/15/secure_key/disabling_key.mdx index 83a33598ebb..8ded20dc4e2 100644 --- a/product_docs/docs/tde/15/secure_key/disabling_key.mdx +++ b/product_docs/docs/tde/15/secure_key/disabling_key.mdx @@ -4,15 +4,15 @@ description: Learn how to omit using a wrapping key. deepToc: true --- -If you don't want key wrapping, for example, for testing purposes, you can use either one of the following options to disable key wrapping: +If you don't want key wrapping, for example, for testing purposes, you can use either of the following options to disable key wrapping: -- You can set the wrap and unwrap commands to the special value `-` when initializing the cluster with `initdb`. For example, with the flags `--key-wrap-command=-` and `--key-unwrap-command=-`. +- You can set the wrap and unwrap commands to the special value `-` when initializing the cluster with `initdb`. For example, you can use the flags `--key-wrap-command=-` and `--key-unwrap-command=-`. -- Or you can disable key wrapping when initializing the cluster with `initdb` by adding the flag `--no-key-wrap`. +- You can disable key wrapping when initializing the cluster with `initdb` by adding the flag `--no-key-wrap`. -With either one of the configurations, TDE generates encryption key files, but leaves them unprotected. +With either of the configurations, TDE generates encryption key files but leaves them unprotected. -For `intidb --data-encryption` to run successfully, you have to either specify a wrapping/unwrapping command, set a fallback environment variable with wrapping/unwrapping commands, or disable key wrapping with the one of the previous mechanisms. Otherwise, the creation of an encrypted database cluster will fail. +For `intidb --data-encryption` to run successfully, you have to either specify a wrapping/unwrapping command, set a fallback environment variable with wrapping/unwrapping commands, or disable key wrapping with the one of the previous mechanisms. Otherwise, the creating an encrypted database cluster will fail. !!!note If you want to enable key wrapping on TDE-enabled database clusters where key wrapping was previously disabled, see [Enabling a mechanism to protect the data encryption key](../enabling/enabling_key_wrapper). From bea21985ea86d7a37496841a533a36166c82c3b4 Mon Sep 17 00:00:00 2001 From: gvasquezvargas Date: Fri, 20 Dec 2024 12:19:03 -0500 Subject: [PATCH 2/2] Fixed typo --- product_docs/docs/tde/15/secure_key/disabling_key.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/tde/15/secure_key/disabling_key.mdx b/product_docs/docs/tde/15/secure_key/disabling_key.mdx index 8ded20dc4e2..512cf21cc16 100644 --- a/product_docs/docs/tde/15/secure_key/disabling_key.mdx +++ b/product_docs/docs/tde/15/secure_key/disabling_key.mdx @@ -12,7 +12,7 @@ If you don't want key wrapping, for example, for testing purposes, you can use e With either of the configurations, TDE generates encryption key files but leaves them unprotected. -For `intidb --data-encryption` to run successfully, you have to either specify a wrapping/unwrapping command, set a fallback environment variable with wrapping/unwrapping commands, or disable key wrapping with the one of the previous mechanisms. Otherwise, the creating an encrypted database cluster will fail. +For `intidb --data-encryption` to run successfully, you have to either specify a wrapping/unwrapping command, set a fallback environment variable with wrapping/unwrapping commands, or disable key wrapping with one of the previous mechanisms. Otherwise, creating an encrypted database cluster will fail. !!!note If you want to enable key wrapping on TDE-enabled database clusters where key wrapping was previously disabled, see [Enabling a mechanism to protect the data encryption key](../enabling/enabling_key_wrapper).