From ee88fd04cc9a9178e7fb2562f3d87a9cdb23b04e Mon Sep 17 00:00:00 2001 From: Dee Dee Rothery <83650384+drothery-edb@users.noreply.github.com> Date: Fri, 7 Jul 2023 14:33:26 -0400 Subject: [PATCH 01/61] removing "only" from not about BAH CSP support --- .../biganimal/release/overview/deployment_options/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/biganimal/release/overview/deployment_options/index.mdx b/product_docs/docs/biganimal/release/overview/deployment_options/index.mdx index 01c789bde7e..7698c8da615 100644 --- a/product_docs/docs/biganimal/release/overview/deployment_options/index.mdx +++ b/product_docs/docs/biganimal/release/overview/deployment_options/index.mdx @@ -15,7 +15,7 @@ When deploying in your own cloud account, you need to set up your cloud service BigAnimal's cloud account offers a seamless deployment option if you don't want to set up a separate cloud account for your clusters. You can deploy a cluster in BigAnimal's cloud account instantly. !!! Note Note -Currently, when you deploy in BigAnimal's cloud account, you can use only AWS as your cloud provider. +Currently, when you deploy in BigAnimal's cloud account, you can use AWS as your cloud provider. !!! From b93db55af737077388a7d55801027665dabbdf77 Mon Sep 17 00:00:00 2001 
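Review bot: In the deployment_options/index.mdx hunk (PATCH 01/61), the new sentence "you can use AWS as your cloud provider" no longer tells the reader whether AWS is the sole option or one of several, so the note stops stating a constraint. If other providers are now supported in BigAnimal's cloud account, name them here; if not, keep "only".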
From: jkitchens32 Date: Mon, 8 May 2023 20:24:44 -0400 Subject: [PATCH 02/61] TechPartner Hashicorp Vault Guide --- .../HashicorpVault/02-PartnerInformation.mdx | 12 ++ .../HashicorpVault/03-SolutionSummary.mdx | 10 ++ .../04-ConfiguringHashicorpVault.mdx | 142 ++++++++++++++++++ .../06-CertificationEnvironment.mdx | 10 ++ .../HashicorpVault/07-SupportandLogging.mdx | 32 ++++ .../Images/PartnerProgram.jpg.png | 3 + .../partner_docs/HashicorpVault/index.mdx | 14 ++ src/pages/index.js | 6 + 8 files changed, 229 insertions(+) create mode 100644 advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx create mode 100644 advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx create mode 100644 advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx create mode 100644 advocacy_docs/partner_docs/HashicorpVault/06-CertificationEnvironment.mdx create mode 100644 advocacy_docs/partner_docs/HashicorpVault/07-SupportandLogging.mdx create mode 100644 advocacy_docs/partner_docs/HashicorpVault/Images/PartnerProgram.jpg.png create mode 100644 advocacy_docs/partner_docs/HashicorpVault/index.mdx diff --git a/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx new file mode 100644 index 00000000000..3fd8c541c0e --- /dev/null +++ b/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx 
@@ -0,0 +1,12 @@ +--- +title: 'Partner Information' +description: 'Details of the Partner' + +--- +|   |   | +| ----------- | ----------- | +| **Partner Name** | Hashicorp | +| **Web Site** | https://www.hashicorp.com/ | +| **Partner Product** | Vault | +| **Version** | Vault v1.12.6+ent, v1.13.2+ent | +| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server version 15.2, it allows users to control access to encryption keys and certificates, as well as perform key management. | \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx new file mode 100644 index 00000000000..f093210f276 --- /dev/null +++ b/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx @@ -0,0 +1,10 @@ +--- +title: 'Solution Summary' +description: 'Explanation of the solution and its purpose' +--- + +Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server version 15.2, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s KMIP secrets engine allows Vault to act as a KMIP server provider and handle the lifecycle of KMIP managed objects. + +Hashicorp Vault’s KMIP secrets engine manages its own listener to service any KMIP requests that operate on KMIP managed objects. The KMIP secrets engine determines the set of KMIP operations that the clients can perform based on roles that are assigned. + +![Placeholder Image](Images/PlaceholderImage.png) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx new file mode 100644 index 00000000000..3d9f2df953a --- /dev/null 
+++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx 
@@ -0,0 +1,142 @@ +--- +title: 'Configuration' +description: 'Walkthrough on configuring the integration' +--- + +Implementing Hashicorp Vault with EDB Postgres Advanced Server 15.2 requires the following components installed on the same system: + +- EDB Postgres Advanced Server version 15.2 +- Hashicorp Vault version 1.13.2+ent or 1.12.6+ent +- [Pykmip](https://pypi.org/project/PyKMIP/#files) +- Python + +## Prerequisites + +- A running EDB Postgres Advanced Server version 15.2 instance. +- Hashicorp Vault installed and deployed per your VM environment + +## Configure Hashicorp Vault KMIP Secrets Engine + +!!! Note + When you are configuring Vault commands and if at any point you receive this error message “Get "https://127.0.0.1:8200/v1/sys/seal-status": http: server gave HTTP response to HTTPS client” you need to issue this in your command line export VAULT_ADDR="http://127.0.0.1:8200". + +1. After your Hashicorp Vault configuration is installed and deployed per the guidelines in the [Hashicorp documentation](https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install), you will then need to enable the kmip capabilities. + +2. Assume root user. + +3. When you are the root user, type ‘vault secrets enable kmip’ in the command line. +```bash +root@ip-172-31-46-134:/home/ubuntu# vault secrets enable kmip +Success! Enabled the kmip secrets engine at: kmip/ +``` + +4. Next you will need to configure the Hashicorp Vault secrets engine with the desired kmip listener address. + +5. Enter `vault write kmip/config listen_addrs=0.0.0.0:5696` in the command line. +```bash +root@ip-172-31-46-134:/home/ubuntu# vault write kmip/config listen_addrs=0.0.0.0:5696 +Success! Data written to: kmip/config +``` + +6. Next you will need to define the Scopes and Roles to determine what allowed operations a role can perform. + +7. Enter `vault write -f kmip/scope/*scope_name*` in the command line. 
+```bash +root@ip-172-31-46-134:/home/ubuntu# vault write -f kmip/scope/edb +Success! Data written to: kmip/scope/edb +``` +8. If you ever need to view your scopes you have created you can enter `vault list kmip/scope` in the command line. + +9. Next you will need to define the role for that scope and what operations they are allowed to do. + +10. Enter `vault write kmip/scope/*scope_name*/role/*role_name* operation_all=true` in the command line. +```bash +root@ip-172-31-46-134:/home/ubuntu# vault write kmip/scope/edb/role/admin operation_all=true +Success! Data written to: kmip/scope/edb/role/admin +``` + +11. You can read your scope and role with this command `vault read kmip/scope/*scope_name*/role/*role_name*` +```bash +root@ip-172-31-46-134:/home/ubuntu# vault read kmip/scope/edb/role/admin +Key Value +--- ----- +operation_all true +tls_client_key_bits 0 +tls_client_key_type n/a +tls_client_ttl 0s +``` + +## Generate Client Certificates + +After a scope and role have been created you will need to generate client certificates that will be used within your pykmip.conf file for key management. These certificates can be used to establish communication with Hashicorp Vault’s KMIP Server. + +1. Generate the client certificate, this will provide the CA Chain, the private key and the certificate. + +2. Enter `vault write -f -field=certificate \ kmip/scope/*scope_name*/role/*role_name*/credential/generate > *certificate_name*.pem`. +```bash +root@ip-172-31-46-134:/home/ubuntu# vault write -f -field=certificate \ kmip/scope/edb/role/admin/credential/generate > kmip-cert.pem +``` + +3. To view your certificates you can type `cat *certificate_name*.pem*` in the command line and this will return the certificates from Hashicorp Vault. +```bash +root@ip-172-31-46-134:/home/ubuntu# cat kmip-cert.pem +``` + +4. You will need to separate the individual certificates into .pem files so they can be used in your pykmip.conf file. + +5. 
Create a key.pem file which will contain the private key in the certificate chain. +```bash +ubuntu@ip-172-31-46-134:/tmp$ cat key.pem +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIIbpRtITDlQ5DpFtuRXWpWdV0fRdZ6vnBYJQmMKCR/iZoAoGCCqGSM49 +AwEHoUQDQgAE3+Kp/PXqTMDCINKIbeNI34qQ47Pd7lttkN2Pgfl7LhLt8uLlAmLX +wmmW4klCuDzRdSBvtdcA5LguWrSBimKXDw== +-----END EC PRIVATE KEY----- +``` + +6. Create a cert.pem file which will contain the first certificate in the certificate chain. +```bash +ubuntu@ip-172-31-46-134:/tmp$ cat cert.pem +-----BEGIN CERTIFICATE----- +MIIBwjCCAWegAwIBAgIUJEpQl3OQKZL5pT7pkOKbBuafBwYwCgYIKoZIzj0EAwIw +KjEoMCYGA1UEAxMfdmF1bHQta21pcC1kZWZhdWx0LWludGVybWVkaWF0ZTAeFw0y +MzAzMzAyMjE1MjhaFw0yMzA0MTMyMjE1NThaMCAxDjAMBgNVBAsTBWZUZWNDMQ4w +DAYDVQQDEwU1R0VhTjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN/iqfz16kzA +wiDSiG3jSN+KkOOz3e5bbZDdj4H5ey4S7fLi5QJi18JpluJJQrg80XUgb7XXAOS4 +Llq0gYpilw+jdTBzMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcD +AjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQle1YJXy2VX699fQoR7NcMT06/OTAf +BgNVHSMEGDAWgBSSBDXnwdExsaSbT/vgqDHm4zG6STAKBggqhkjOPQQDAgNJADBG +AiEAk7Vo1HpS1D+C3OyBXqHGlCOD3p4HnMeStGaBB/Cqn2cCIQDul2Vxal7lCeDN +Xlg2U8LToGCBEvf1quZU7T8ZQkbQCA== +-----END CERTIFICATE----- +``` + +7. Create a ca.pem file which will contain the last two certificates in the certificate chain. 
+```bash +ubuntu@ip-172-31-46-134:/tmp$ cat ca.pem +-----BEGIN CERTIFICATE----- +MIIBrTCCAVKgAwIBAgIUEvo9Bh4qNPVYvQC2wttR5vD9KTQwCgYIKoZIzj0EAwIw +HTEbMBkGA1UEAxMSdmF1bHQta21pcC1kZWZhdWx0MB4XDTIzMDMwMTE5MjgyN1oX +DTMzMDIyNjE5Mjg1N1owKjEoMCYGA1UEAxMfdmF1bHQta21pcC1kZWZhdWx0LWlu +dGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCNpmJK8lrNg1AVl +s5ge5tfIhaCq4Vgom3tbRnIhmqDKIjnJa1QQtGXl+aY8sa3Uckabu7F73Qlmx2uG +yO7qzXqjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBSSBDXnwdExsaSbT/vgqDHm4zG6STAfBgNVHSMEGDAWgBSS2fzAT5gtJFl+ +csFk43spGfJR3zAKBggqhkjOPQQDAgNJADBGAiEAgmLt1YGJfma0tjbs8crQTfXt +RkbhctXSJQOqR3ejM/8CIQCZY4LIgwBhOE95gw1xAv4onclSk/ZaUxDQCXBeh60i +lg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBoDCCAUWgAwIBAgIUAZ/BGjgU/gvnzlVC9WEPxUcb0howCgYIKoZIzj0EAwIw +HTEbMBkGA1UEAxMSdmF1bHQta21pcC1kZWZhdWx0MB4XDTIzMDMwMTE5MjgyN1oX +DTMzMDIyNjE5Mjg1N1owHTEbMBkGA1UEAxMSdmF1bHQta21pcC1kZWZhdWx0MFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzQCEnid/sExfxBpki2suGc3pE0wVQt31 +Wtg16m9l0mLj3qZFdRCAHJKpoY6RT5X81/gkhhEjVBR3Hi3C3C6J+KNjMGEwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJLZ/MBPmC0k +WX5ywWTjeykZ8lHfMB8GA1UdIwQYMBaAFJLZ/MBPmC0kWX5ywWTjeykZ8lHfMAoG +CCqGSM49BAMCA0kAMEYCIQCoeQmZmYeViGcm2qtm9vjPs4SLEHVbDjG17zZ1euW6 +IgIhAMb3y3xRXwddt2ejaow1GytysRz4LoxC3B5dLn1LoCpI +-----END CERTIFICATE----- +``` + +Now that you have all of the required Certificates you are ready to use Hashicorp Vault Secrets Engine with EDB Postgres Advanced Server version 15.2. \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVault/06-CertificationEnvironment.mdx b/advocacy_docs/partner_docs/HashicorpVault/06-CertificationEnvironment.mdx new file mode 100644 index 00000000000..cab401be28c --- /dev/null +++ b/advocacy_docs/partner_docs/HashicorpVault/06-CertificationEnvironment.mdx 
@@ -0,0 +1,10 @@ +--- +title: 'Certification Environment' +description: 'Overview of the Certification Environment' +--- + +|   |   | +| ----------- | ----------- | +| **Certification Test Date** | May 3rd, 2023 | +| **EDB Postgres Advanced Server** | 15.2 | +| **Thales CipherTrust Manager** | Vault v1.12.6+ent, Vault v1.13.2+ent | \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVault/07-SupportandLogging.mdx b/advocacy_docs/partner_docs/HashicorpVault/07-SupportandLogging.mdx new file mode 100644 index 00000000000..db51f709c7a --- /dev/null +++ b/advocacy_docs/partner_docs/HashicorpVault/07-SupportandLogging.mdx 
@@ -0,0 +1,32 @@ +--- +title: 'Support and Logging Details' +description: 'Details of the support process and logging information' +--- + +## Support + +Technical support for the use of these products is provided by both EDB and Hashicorp. A proper support contract is required to be in place at both EDB and Hashicorp. A support ticket can be opened on either side to start the process. If it is determined through the support ticket that resources from the other vendor is required, the customer should open a support ticket with that vendor through normal support channels. This will allow both companies to work together to help the customer as needed. + +## Logging + +**EDB Postgres Advanced Server Logs:** + +Navigate to the `Data` directory in your chosen EDB Postgres Advanced Server instance and from here you can navigate to `log`, `current_logfiles` or you can navigate to the `postgresql.conf` file where you can customize logging options or enable `edb_audit` logs. + +**PostgreSQL Logs** + +The default log directories for PostgreSQL logs vary depending on the operating system: + +- Debian-based system: `/var/log/postgresql/postgresql-x.x.main.log. X.x.` + +- Red Hat-based system: `/var/lib/pgsql/data/pg_log` + +- Windows: `C:\Program Files\PostgreSQL\9.3\data\pg_log` + +** Hashicorp Vault Logs** + +Customers can use the `journalctl` function to call logs for Hashicorp Vault. + +If you just want to view the Vault logs you can do so by entering `journalctl -ex -u vault` in the command line. + +If you want to view logs for a specific day and output those results to a `.txt` file you can do so by entering `journalctl -u vault -S today > vaultlog.txt` in the command line, adjusting the date to your needed date and the text title. \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVault/Images/PartnerProgram.jpg.png b/advocacy_docs/partner_docs/HashicorpVault/Images/PartnerProgram.jpg.png new file mode 100644 index 00000000000..a51f268a007 
--- /dev/null +++ b/advocacy_docs/partner_docs/HashicorpVault/Images/PartnerProgram.jpg.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6dddb2403778294d50b9c500a3b961fc5ed0aa764d4c425cd44c1c90193915e5 +size 9855 diff --git a/advocacy_docs/partner_docs/HashicorpVault/index.mdx b/advocacy_docs/partner_docs/HashicorpVault/index.mdx new file mode 100644 index 00000000000..357cf020714 --- /dev/null +++ b/advocacy_docs/partner_docs/HashicorpVault/index.mdx @@ -0,0 +1,14 @@ +--- +title: 'Hashicorp Vault Implementation Guide' +indexCards: simple +directoryDefaults: + iconName: handshake +--- + +

+ +

+

EDB GlobalConnect Technology Partner Implementation Guide

+

Hashicorp Vault

+ +

This document is intended to augment each vendor’s product documentation in order to guide the reader in getting the products working together. It is not intended to show the optimal configuration for the certified integration.

\ No newline at end of file diff --git a/src/pages/index.js b/src/pages/index.js index 6e3d50b198e..a1443fe6e13 100644 --- a/src/pages/index.js +++ b/src/pages/index.js @@ -374,6 +374,12 @@ const Page = () => ( Esri ArcGIS Pro and Esri ArcGIS Enterprise + + Hashicorp Vault + + + Imperva Data Security Fabric + Nutanix AHV From 12ba4bd03a5a71bdf674605b107de46b4c043e6c Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 10 May 2023 15:18:21 -0400 Subject: [PATCH 03/61] Wording Changes --- .../HashicorpVault/04-ConfiguringHashicorpVault.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index 3d9f2df953a..b599342a313 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx @@ -30,7 +30,7 @@ root@ip-172-31-46-134:/home/ubuntu# vault secrets enable kmip Success! Enabled the kmip secrets engine at: kmip/ ``` -4. Next you will need to configure the Hashicorp Vault secrets engine with the desired kmip listener address. +4. You will then need to configure the Hashicorp Vault secrets engine with the desired kmip listener address. 5. Enter `vault write kmip/config listen_addrs=0.0.0.0:5696` in the command line. ```bash @@ -38,7 +38,7 @@ root@ip-172-31-46-134:/home/ubuntu# vault write kmip/config listen_addrs=0.0.0.0 Success! Data written to: kmip/config ``` -6. Next you will need to define the Scopes and Roles to determine what allowed operations a role can perform. +6. Define the Scopes and Roles to determine what allowed operations a role can perform. 7. Enter `vault write -f kmip/scope/*scope_name*` in the command line. ```bash 
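Review bot: The key.pem example in 04-ConfiguringHashicorpVault.mdx (PATCH 02/61, step 5 under "Generate Client Certificates") commits a complete "-----BEGIN EC PRIVATE KEY-----" block, alongside full cert.pem and ca.pem contents. Replace the key body with an obviously truncated placeholder, shorten the certificates the same way, and if this output came from a real Vault instance, revoke that credential. The prompts also show key.pem sitting in /tmp with no mention of file permissions; add a line telling the reader to restrict the file to the account that runs the KMIP client.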
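Review bot: In 06-CertificationEnvironment.mdx (PATCH 02/61) the last table row is labelled "**Thales CipherTrust Manager**" but its value is "Vault v1.12.6+ent, Vault v1.13.2+ent", which reads like a leftover from another partner guide. Change the label to Hashicorp Vault so the certified product agrees with the versions listed in 02-PartnerInformation.mdx.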
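Review bot: In 07-SupportandLogging.mdx (PATCH 02/61) the heading "** Hashicorp Vault Logs**" has a space after the opening asterisks, so it will not render as bold like "**EDB Postgres Advanced Server Logs:**" above it; remove the space. In the Support paragraph of the same hunk, "resources from the other vendor is required" should read "are required".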
@@ -47,7 +47,7 @@ Success! Data written to: kmip/scope/edb ``` 8. If you ever need to view your scopes you have created you can enter `vault list kmip/scope` in the command line. -9. Next you will need to define the role for that scope and what operations they are allowed to do. +9. Define the role for that scope and what operations they are allowed to do. 10. Enter `vault write kmip/scope/*scope_name*/role/*role_name* operation_all=true` in the command line. ```bash From c5bd7bebfd6b3ef25ad1f458fd40c3d9d4fa41ba Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 17 May 2023 12:44:52 -0400 Subject: [PATCH 04/61] Solution Summary Image Update --- .../partner_docs/HashicorpVault/03-SolutionSummary.mdx | 2 +- .../Images/HashicorpVaultSolutionSummaryImage.png | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 advocacy_docs/partner_docs/HashicorpVault/Images/HashicorpVaultSolutionSummaryImage.png diff --git a/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx index f093210f276..8085716ab4d 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx @@ -7,4 +7,4 @@ Hashicorp Vault is an identity-based secrets and encryption management system. U Hashicorp Vault’s KMIP secrets engine manages its own listener to service any KMIP requests that operate on KMIP managed objects. The KMIP secrets engine determines the set of KMIP operations that the clients can perform based on roles that are assigned. -![Placeholder Image](Images/PlaceholderImage.png) +![Hashicorp Vault Architecture](Images/HashicorpVaultSolutionSummaryImage.png) diff --git a/advocacy_docs/partner_docs/HashicorpVault/Images/HashicorpVaultSolutionSummaryImage.png b/advocacy_docs/partner_docs/HashicorpVault/Images/HashicorpVaultSolutionSummaryImage.png new file mode 100644 index 00000000000..611f1e97abd --- /dev/null 
+++ b/advocacy_docs/partner_docs/HashicorpVault/Images/HashicorpVaultSolutionSummaryImage.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:43adec6492b85b86447651dbc1c40d843528b87612a829bccc6c593c05d55c38 +size 226678 From 9579d01fc26e90f84fb76d34f1e62f3122546be9 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 22 May 2023 10:29:31 -0400 Subject: [PATCH 05/61] Edits from Scott's Notes --- .../04-ConfiguringHashicorpVault.mdx | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index b599342a313..f1ad2aaf135 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx 
@@ -20,11 +20,11 @@ Implementing Hashicorp Vault with EDB Postgres Advanced Server 15.2 requires the !!! Note When you are configuring Vault commands and if at any point you receive this error message “Get "https://127.0.0.1:8200/v1/sys/seal-status": http: server gave HTTP response to HTTPS client” you need to issue this in your command line export VAULT_ADDR="http://127.0.0.1:8200". -1. After your Hashicorp Vault configuration is installed and deployed per the guidelines in the [Hashicorp documentation](https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install), you will then need to enable the kmip capabilities. +1. After your Hashicorp Vault configuration is installed and deployed per the guidelines in the [Hashicorp documentation](https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install), you will then need to enable the KMIP capabilities. 2. Assume root user. -3. When you are the root user, type ‘vault secrets enable kmip’ in the command line. +3. When you are the root user, type ‘vault secrets enable kmip’. ```bash root@ip-172-31-46-134:/home/ubuntu# vault secrets enable kmip Success! Enabled the kmip secrets engine at: kmip/ 
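Review bot: Step 3 in this hunk of 04-ConfiguringHashicorpVault.mdx (PATCH 05/61) still wraps the command in typographic quotes (‘vault secrets enable kmip’) while the later steps use inline code, so a reader who copies it with the quotes hands the shell an invalid command. Put it in backticks, and give the export VAULT_ADDR="http://127.0.0.1:8200" command in the note above the same formatting. That note also switches the CLI to plain HTTP; say explicitly that this fits a local, non-TLS test listener.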
@@ -32,30 +32,27 @@ Success! Enabled the kmip secrets engine at: kmip/ 4. You will then need to configure the Hashicorp Vault secrets engine with the desired kmip listener address. -5. Enter `vault write kmip/config listen_addrs=0.0.0.0:5696` in the command line. +5. Enter `vault write kmip/config listen_addrs=0.0.0.0:5696`. ```bash root@ip-172-31-46-134:/home/ubuntu# vault write kmip/config listen_addrs=0.0.0.0:5696 Success! Data written to: kmip/config ``` -6. Define the Scopes and Roles to determine what allowed operations a role can perform. - -7. Enter `vault write -f kmip/scope/*scope_name*` in the command line. +6. Enter `vault write -f kmip/scope/*scope_name*` to create the scope that will be used to define the allowed operations a role can perform. ```bash root@ip-172-31-46-134:/home/ubuntu# vault write -f kmip/scope/edb Success! Data written to: kmip/scope/edb ``` -8. If you ever need to view your scopes you have created you can enter `vault list kmip/scope` in the command line. - -9. Define the role for that scope and what operations they are allowed to do. +!!! Note + To view your scopes you have created you can enter `vault list kmip/scope`. -10. Enter `vault write kmip/scope/*scope_name*/role/*role_name* operation_all=true` in the command line. +7. Enter `vault write kmip/scope/*scope_name*/role/*role_name* operation_all=true` to define the role for the scope. In our example the role of `admin` is for the scope `edb`. ```bash root@ip-172-31-46-134:/home/ubuntu# vault write kmip/scope/edb/role/admin operation_all=true Success! Data written to: kmip/scope/edb/role/admin ``` -11. You can read your scope and role with this command `vault read kmip/scope/*scope_name*/role/*role_name*` +8. You can read your scope and role with this command `vault read kmip/scope/*scope_name*/role/*role_name*` ```bash root@ip-172-31-46-134:/home/ubuntu# vault read kmip/scope/edb/role/admin Key Value 
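Review bot: The rewritten step 7 presents operation_all=true as the way to define a role without saying that it allows every KMIP operation for that role, and step 5 binds the KMIP listener to 0.0.0.0:5696, which is every interface on the host. Since 03-SolutionSummary.mdx describes roles as what determines the operations a client can perform, add a sentence that these values are for the walkthrough and that a deployment should enable only the operations the TDE client needs and listen on a specific address.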
@@ -73,6 +70,10 @@ After a scope and role have been created you will need to generate client certif 1. Generate the client certificate, this will provide the CA Chain, the private key and the certificate. 2. Enter `vault write -f -field=certificate \ kmip/scope/*scope_name*/role/*role_name*/credential/generate > *certificate_name*.pem`. +In our example: +Role: edb +Scope: admin +Certificate name: kmip-cert.pem ```bash root@ip-172-31-46-134:/home/ubuntu# vault write -f -field=certificate \ kmip/scope/edb/role/admin/credential/generate > kmip-cert.pem ``` @@ -83,6 +84,8 @@ root@ip-172-31-46-134:/home/ubuntu# cat kmip-cert.pem ``` 4. You will need to separate the individual certificates into .pem files so they can be used in your pykmip.conf file. +!!! Note + Make sure to include ----BEGIN ------ and ----END ------ in the .pem certificate files. 5. Create a key.pem file which will contain the private key in the certificate chain. ```bash From 425d97bf096d42ae9ac7057452f59a0f2873128c Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 22 May 2023 11:28:44 -0400 Subject: [PATCH 06/61] Configuration syntax edits --- .../HashicorpVault/04-ConfiguringHashicorpVault.mdx | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index f1ad2aaf135..a019d01d383 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx @@ -24,7 +24,7 @@ Implementing Hashicorp Vault with EDB Postgres Advanced Server 15.2 requires the 2. Assume root user. -3. When you are the root user, type ‘vault secrets enable kmip’. +3. When you are the root user, type `vault secrets enable kmip`. ```bash root@ip-172-31-46-134:/home/ubuntu# vault secrets enable kmip Success! Enabled the kmip secrets engine at: kmip/ 
@@ -43,9 +43,11 @@ Success! Data written to: kmip/config root@ip-172-31-46-134:/home/ubuntu# vault write -f kmip/scope/edb Success! Data written to: kmip/scope/edb ``` + !!! Note To view your scopes you have created you can enter `vault list kmip/scope`. + 7. Enter `vault write kmip/scope/*scope_name*/role/*role_name* operation_all=true` to define the role for the scope. In our example the role of `admin` is for the scope `edb`. ```bash root@ip-172-31-46-134:/home/ubuntu# vault write kmip/scope/edb/role/admin operation_all=true @@ -70,10 +72,9 @@ After a scope and role have been created you will need to generate client certif 1. Generate the client certificate, this will provide the CA Chain, the private key and the certificate. 2. Enter `vault write -f -field=certificate \ kmip/scope/*scope_name*/role/*role_name*/credential/generate > *certificate_name*.pem`. -In our example: -Role: edb -Scope: admin -Certificate name: kmip-cert.pem + +In our example we used role: edb, scope: admin and certificate name: kmip-cert.pem. + ```bash root@ip-172-31-46-134:/home/ubuntu# vault write -f -field=certificate \ kmip/scope/edb/role/admin/credential/generate > kmip-cert.pem ``` From c825d90bb50593556ef4f3530a55371257f0d2e6 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 22 May 2023 13:26:20 -0400 Subject: [PATCH 07/61] Review Edits --- .../HashicorpVault/02-PartnerInformation.mdx | 2 +- .../HashicorpVault/04-ConfiguringHashicorpVault.mdx | 2 ++ .../HashicorpVault/05-UsingHashicorpVault.mdx | 7 ++++--- .../HashicorpVault/07-SupportandLogging.mdx | 10 ---------- 4 files changed, 7 insertions(+), 14 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx index 3fd8c541c0e..3f9d9c7d2e2 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx 
@@ -9,4 +9,4 @@ description: 'Details of the Partner' | **Web Site** | https://www.hashicorp.com/ | | **Partner Product** | Vault | | **Version** | Vault v1.12.6+ent, v1.13.2+ent | -| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server version 15.2, it allows users to control access to encryption keys and certificates, as well as perform key management. | \ No newline at end of file +| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. | \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index a019d01d383..0f7ea4fbc4e 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx @@ -15,6 +15,8 @@ Implementing Hashicorp Vault with EDB Postgres Advanced Server 15.2 requires the - A running EDB Postgres Advanced Server version 15.2 instance. - Hashicorp Vault installed and deployed per your VM environment +For helpful information on how TDE is incorporated with EDB Postgres Advanced Server visit the [EDB Transparent Data Encryption](https://www.enterprisedb.com/docs/tde/latest/) documentation. + ## Configure Hashicorp Vault KMIP Secrets Engine !!! Note diff --git a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx index 53cd9afe293..fc67fd97c98 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx 
+++ b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx @@ -6,7 +6,7 @@ description: 'Walkthrough of example usage scenarios' After you have configured all of the Hashicorp Vault keys as stated in the Configuring section, you will be able to use them in conjunction with EDB Postgres Advanced Server 15.2. !!! Note - It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server as this version supports Transparent Data Encryption (TDE). + It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server as this version supports Transparant Data Encryption (TDE). Before you can implement Hashicorp Vault Secrets Engine with your EDB Postgres Advanced Server instance, you must ensure that you have the following downloaded to your system: - Python @@ -53,7 +53,8 @@ ca_certs=/tmp/ca.pem >>> c = client.ProxyKmipClient(config_file='/tmp/pykmip.conf') >>> c.open() >>> key_id = c.create(enums.CryptographicAlgorithm.AES, 128, name='edbtestkey') - (`edbtestkey` is the name that we chose for our TDE master key. Alter this per your naming requirements.) +!!! Note + `edbtestkey` is the name that we chose for our TDE master key. Alter this per your naming requirements. >>> c.activate(key_id) >>> key_id >>> 'key_output_shows_here' @@ -70,7 +71,7 @@ To ensure that your key that you created will be able to encrypt and decrypt dat - Location of the KMIP Client: /tmp/edb_tde_kmip_client.py - Output file: test.bin - Location of pykmip configuration file: /tmp/pykmip.conf -- Encrypted Key Output: TDE key output +- Encrypted Key Output: TDE master key output - Variant: Allows compatibility with KMIP servers 2. `python3 /tmp/edb_tde_kmip_client.py decrypt --in-file=test.bin --pykmip-config-file=/tmp/pykmip.conf --key-uid='key_output_here' --variant=pykmip` 
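Review bot: The @@ -6,7 +6,7 @@ hunk of 05-UsingHashicorpVault.mdx (PATCH 07/61) replaces the correct "Transparent Data Encryption" with "Transparant Data Encryption"; revert that line. In the @@ -53,7 +53,8 @@ hunk the new "!!! Note" sits between the ">>> key_id = c.create(...)" and ">>> c.activate(key_id)" lines of the Python session, which breaks the transcript for anyone copying it; move the note below the session.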
diff --git a/advocacy_docs/partner_docs/HashicorpVault/07-SupportandLogging.mdx b/advocacy_docs/partner_docs/HashicorpVault/07-SupportandLogging.mdx index db51f709c7a..1c36ee14f88 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/07-SupportandLogging.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/07-SupportandLogging.mdx @@ -13,16 +13,6 @@ Technical support for the use of these products is provided by both EDB and Hash Navigate to the `Data` directory in your chosen EDB Postgres Advanced Server instance and from here you can navigate to `log`, `current_logfiles` or you can navigate to the `postgresql.conf` file where you can customize logging options or enable `edb_audit` logs. -**PostgreSQL Logs** - -The default log directories for PostgreSQL logs vary depending on the operating system: - -- Debian-based system: `/var/log/postgresql/postgresql-x.x.main.log. X.x.` - -- Red Hat-based system: `/var/lib/pgsql/data/pg_log` - -- Windows: `C:\Program Files\PostgreSQL\9.3\data\pg_log` - ** Hashicorp Vault Logs** Customers can use the `journalctl` function to call logs for Hashicorp Vault. From 676fc4e586eaeb8a2263af8c3119f4a8c9981b26 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 22 May 2023 16:14:49 -0400 Subject: [PATCH 08/61] Solution Summary wording edit. --- .../partner_docs/HashicorpVault/03-SolutionSummary.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx index 8085716ab4d..2e1f0dc6d66 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx 
@@ -3,7 +3,7 @@ title: 'Solution Summary' description: 'Explanation of the solution and its purpose' --- -Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server version 15.2, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s KMIP secrets engine allows Vault to act as a KMIP server provider and handle the lifecycle of KMIP managed objects. +Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s KMIP secrets engine allows Vault to act as a KMIP server provider and handle the lifecycle of KMIP managed objects. Hashicorp Vault’s KMIP secrets engine manages its own listener to service any KMIP requests that operate on KMIP managed objects. The KMIP secrets engine determines the set of KMIP operations that the clients can perform based on roles that are assigned. From 5cfceae0a3444e8c344ad7df8bb29a67b4bb08c0 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 22 May 2023 16:25:47 -0400 Subject: [PATCH 09/61] Configuring Note Edit --- .../HashicorpVault/04-ConfiguringHashicorpVault.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index 0f7ea4fbc4e..0da00f68c7a 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx 
@@ -20,7 +20,7 @@ For helpful information on how TDE is incorporated with EDB Postgres Advanced Se ## Configure Hashicorp Vault KMIP Secrets Engine !!! Note - When you are configuring Vault commands and if at any point you receive this error message “Get "https://127.0.0.1:8200/v1/sys/seal-status": http: server gave HTTP response to HTTPS client” you need to issue this in your command line export VAULT_ADDR="http://127.0.0.1:8200". + You have to set your environment variable with Hashicorp Vault before you can configure the Hashicorp Vault server using the API IP address and port. If you receive this error message “Get "https://127.0.0.1:8200/v1/sys/seal-status": http: server gave HTTP response to HTTPS client” you need to issue this in your command line export VAULT_ADDR="http://127.0.0.1:8200". 1. After your Hashicorp Vault configuration is installed and deployed per the guidelines in the [Hashicorp documentation](https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install), you will then need to enable the KMIP capabilities. From 22686f2ca347550e2ec893162202357a7b352d46 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 22 May 2023 16:49:07 -0400 Subject: [PATCH 10/61] Final Wording and Code edits --- .../HashicorpVault/04-ConfiguringHashicorpVault.mdx | 12 ++++++------ .../HashicorpVault/05-UsingHashicorpVault.mdx | 7 +++---- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index 0da00f68c7a..5b301b87464 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx 
@@ -3,16 +3,16 @@ title: 'Configuration' description: 'Walkthrough on configuring the integration' --- -Implementing Hashicorp Vault with EDB Postgres Advanced Server 15.2 requires the following components installed on the same system: +Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above requires the following components installed on the same system: -- EDB Postgres Advanced Server version 15.2 +- EDB Postgres Advanced Server version 15.2 and above - Hashicorp Vault version 1.13.2+ent or 1.12.6+ent - [Pykmip](https://pypi.org/project/PyKMIP/#files) - Python ## Prerequisites -- A running EDB Postgres Advanced Server version 15.2 instance. +- A running EDB Postgres Advanced Server version 15.2 or above instance. - Hashicorp Vault installed and deployed per your VM environment For helpful information on how TDE is incorporated with EDB Postgres Advanced Server visit the [EDB Transparent Data Encryption](https://www.enterprisedb.com/docs/tde/latest/) documentation. @@ -75,13 +75,13 @@ After a scope and role have been created you will need to generate client certif 2. Enter `vault write -f -field=certificate \ kmip/scope/*scope_name*/role/*role_name*/credential/generate > *certificate_name*.pem`. -In our example we used role: edb, scope: admin and certificate name: kmip-cert.pem. +In our example we used role: `edb`, scope: `admin` and certificate name: `kmip-cert.pem`. ```bash root@ip-172-31-46-134:/home/ubuntu# vault write -f -field=certificate \ kmip/scope/edb/role/admin/credential/generate > kmip-cert.pem ``` -3. To view your certificates you can type `cat *certificate_name*.pem*` in the command line and this will return the certificates from Hashicorp Vault. +3. To view your certificates you can type `cat *certificate_name*.pem*` and this will return the certificates from Hashicorp Vault. ```bash root@ip-172-31-46-134:/home/ubuntu# cat kmip-cert.pem ``` 
@@ -145,4 +145,4 @@ IgIhAMb3y3xRXwddt2ejaow1GytysRz4LoxC3B5dLn1LoCpI -----END CERTIFICATE----- ``` -Now that you have all of the required Certificates you are ready to use Hashicorp Vault Secrets Engine with EDB Postgres Advanced Server version 15.2. \ No newline at end of file +Now that you have all of the required Certificates you are ready to use Hashicorp Vault Secrets Engine with EDB Postgres Advanced Server version 15.2 and above. \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx index fc67fd97c98..53cd9afe293 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx @@ -6,7 +6,7 @@ description: 'Walkthrough of example usage scenarios' After you have configured all of the Hashicorp Vault keys as stated in the Configuring section, you will be able to use them in conjunction with EDB Postgres Advanced Server 15.2. !!! Note - It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server as this version supports Transparant Data Encryption (TDE). + It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server as this version supports Transparent Data Encryption (TDE). Before you can implement Hashicorp Vault Secrets Engine with your EDB Postgres Advanced Server instance, you must ensure that you have the following downloaded to your system: - Python 
@@ -53,8 +53,7 @@ ca_certs=/tmp/ca.pem >>> c = client.ProxyKmipClient(config_file='/tmp/pykmip.conf') >>> c.open() >>> key_id = c.create(enums.CryptographicAlgorithm.AES, 128, name='edbtestkey') -!!! Note - `edbtestkey` is the name that we chose for our TDE master key. Alter this per your naming requirements. + (`edbtestkey` is the name that we chose for our TDE master key. Alter this per your naming requirements.) >>> c.activate(key_id) >>> key_id >>> 'key_output_shows_here' @@ -71,7 +70,7 @@ To ensure that your key that you created will be able to encrypt and decrypt dat - Location of the KMIP Client: /tmp/edb_tde_kmip_client.py - Output file: test.bin - Location of pykmip configuration file: /tmp/pykmip.conf -- Encrypted Key Output: TDE master key output +- Encrypted Key Output: TDE key output - Variant: Allows compatibility with KMIP servers 2. `python3 /tmp/edb_tde_kmip_client.py decrypt --in-file=test.bin --pykmip-config-file=/tmp/pykmip.conf --key-uid='key_output_here' --variant=pykmip` From 72ae88a47887811ba94905763e3910e4c8d546b0 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Thu, 25 May 2023 14:36:19 -0400 Subject: [PATCH 11/61] Wording Edits --- .../partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx index 53cd9afe293..60c762d8e40 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx 
@@ -3,7 +3,7 @@ title: 'Using' description: 'Walkthrough of example usage scenarios' --- -After you have configured all of the Hashicorp Vault keys as stated in the Configuring section, you will be able to use them in conjunction with EDB Postgres Advanced Server 15.2. +After you have configured all of the Hashicorp Vault certificates, as stated in the Configuring section, you will be able to use them in conjunction with EDB Postgres Advanced Server 15.2. !!! Note It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server as this version supports Transparent Data Encryption (TDE). @@ -13,7 +13,7 @@ Before you can implement Hashicorp Vault Secrets Engine with your EDB Postgres A - [pykmip](https://pypi.org/project/PyKMIP/#files) - edb_tde_kmip_client.py downloaded from your EDB Repos access -All of the `.pem` files that you created need to be on the system where your EDB Postgres Advanced Server 15.2 instance is installed. For our example in this guide, all of the `.pem` files and the `edb_tde_kmip_client.py` program are in the `/tmp/` directory. +The `.pem` files that you created need to be on the system where your EDB Postgres Advanced Server 15.2 instance is installed. For our example in this guide, all of the `.pem` files and the `edb_tde_kmip_client.py` program are in the `/tmp/` directory. ## Create pykmip.conf File From 980603b207694998847f947c2ab185d2c033f1ac Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Tue, 30 May 2023 13:53:37 -0400 Subject: [PATCH 12/61] Wording Update --- .../partner_docs/HashicorpVault/02-PartnerInformation.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx index 3f9d9c7d2e2..ed4ff2f99fd 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx 
+++ b/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx @@ -9,4 +9,4 @@ description: 'Details of the Partner' | **Web Site** | https://www.hashicorp.com/ | | **Partner Product** | Vault | | **Version** | Vault v1.12.6+ent, v1.13.2+ent | -| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. | \ No newline at end of file +| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server, it allows users to control access to encryption keys and certificates, as well as perform key management. | \ No newline at end of file From 9912adecbfbcc882c5819ad9c7ffed046f1378ee Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Tue, 30 May 2023 14:37:51 -0400 Subject: [PATCH 13/61] Config Wording Changes --- .../04-ConfiguringHashicorpVault.mdx | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index 5b301b87464..86d68609617 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx 
@@ -3,20 +3,18 @@ title: 'Configuration' description: 'Walkthrough on configuring the integration' --- -Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above requires the following components installed on the same system: +Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above requires the following components: -- EDB Postgres Advanced Server version 15.2 and above +- EDB Postgres Advanced Server version 15.2 or above - Hashicorp Vault version 1.13.2+ent or 1.12.6+ent - [Pykmip](https://pypi.org/project/PyKMIP/#files) - Python ## Prerequisites -- A running EDB Postgres Advanced Server version 15.2 or above instance. +- A running EDB Postgres Advanced Server instance - Hashicorp Vault installed and deployed per your VM environment -For helpful information on how TDE is incorporated with EDB Postgres Advanced Server visit the [EDB Transparent Data Encryption](https://www.enterprisedb.com/docs/tde/latest/) documentation. - ## Configure Hashicorp Vault KMIP Secrets Engine !!! Note @@ -86,11 +84,11 @@ root@ip-172-31-46-134:/home/ubuntu# vault write -f -field=certificate \ kmip/sco root@ip-172-31-46-134:/home/ubuntu# cat kmip-cert.pem ``` -4. You will need to separate the individual certificates into .pem files so they can be used in your pykmip.conf file. +4. You will need to separate the individual certificates into `.pem` files so they can be used in your pykmip.conf file. !!! Note Make sure to include ----BEGIN ------ and ----END ------ in the .pem certificate files. -5. Create a key.pem file which will contain the private key in the certificate chain. +5. Create a `key.pem` file which will contain the private key in the certificate chain. ```bash ubuntu@ip-172-31-46-134:/tmp$ cat key.pem -----BEGIN EC PRIVATE KEY----- 
@@ -100,7 +98,7 @@ wmmW4klCuDzRdSBvtdcA5LguWrSBimKXDw== -----END EC PRIVATE KEY----- ``` -6. Create a cert.pem file which will contain the first certificate in the certificate chain. +6. Create a `cert.pem` file which will contain the first certificate in the certificate chain. ```bash ubuntu@ip-172-31-46-134:/tmp$ cat cert.pem -----BEGIN CERTIFICATE----- @@ -117,7 +115,7 @@ Xlg2U8LToGCBEvf1quZU7T8ZQkbQCA== -----END CERTIFICATE----- ``` -7. Create a ca.pem file which will contain the last two certificates in the certificate chain. +7. Create a `ca.pem` file which will contain the last two certificates in the certificate chain. ```bash ubuntu@ip-172-31-46-134:/tmp$ cat ca.pem -----BEGIN CERTIFICATE----- @@ -145,4 +143,4 @@ IgIhAMb3y3xRXwddt2ejaow1GytysRz4LoxC3B5dLn1LoCpI -----END CERTIFICATE----- ``` -Now that you have all of the required Certificates you are ready to use Hashicorp Vault Secrets Engine with EDB Postgres Advanced Server version 15.2 and above. \ No newline at end of file +Now that you have all of the required Certificates you are ready to use Hashicorp Vault Secrets Engine with EDB Postgres Advanced Server. \ No newline at end of file From 6f72a49dd137dedc4d24ba6be150c3c674d1d17a Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Tue, 30 May 2023 15:15:09 -0400 Subject: [PATCH 14/61] Final Comparison Edits --- .../04-ConfiguringHashicorpVault.mdx | 2 +- .../HashicorpVault/05-UsingHashicorpVault.mdx | 17 ++++++++--------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index 86d68609617..98f78778c89 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx 
@@ -143,4 +143,4 @@ IgIhAMb3y3xRXwddt2ejaow1GytysRz4LoxC3B5dLn1LoCpI -----END CERTIFICATE----- ``` -Now that you have all of the required Certificates you are ready to use Hashicorp Vault Secrets Engine with EDB Postgres Advanced Server. \ No newline at end of file +Now that you have all of the required Certificates you are ready to use Hashicorp Vault Secrets Engine with EDB Postgres Advanced Server with TDE. \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx index 60c762d8e40..f6180ace490 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx 
@@ -3,21 +3,21 @@ title: 'Using' description: 'Walkthrough of example usage scenarios' --- -After you have configured all of the Hashicorp Vault certificates, as stated in the Configuring section, you will be able to use them in conjunction with EDB Postgres Advanced Server 15.2. +After you have configured all of the Hashicorp Vault certificates, as stated in the Configuring section, you will be able to use them in conjunction with EDB Postgres Advanced Server. !!! Note It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server as this version supports Transparent Data Encryption (TDE). -Before you can implement Hashicorp Vault Secrets Engine with your EDB Postgres Advanced Server instance, you must ensure that you have the following downloaded to your system: +To implement Hashicorp Vault Secrets Engine with EDB Postgres Advanced Server, you must ensure that you have the following downloaded to your system: - Python - [pykmip](https://pypi.org/project/PyKMIP/#files) - edb_tde_kmip_client.py downloaded from your EDB Repos access -The `.pem` files that you created need to be on the system where your EDB Postgres Advanced Server 15.2 instance is installed. For our example in this guide, all of the `.pem` files and the `edb_tde_kmip_client.py` program are in the `/tmp/` directory. +All of the `.pem` files that you created in teh Configuring section, `key.pem`, `cert.pem` and `ca.pem`, need to be copied to the system where your EDB Postgres Advanced Server instance is installed. For our example, all of the `.pem` files and the `edb_tde_kmip_client.py` program are in the `/tmp/` directory. ## Create pykmip.conf File -1. On your system where you have your EDB Postgres Advanced Server 15.2 instance, navigate to the directory where you have saved your `.pem` files and the `edb_tde_kmip_client.py` client. +1. 
On your system where you have your EDB Postgres Advanced Server instance, navigate to the directory where you have saved your `.pem` files and the `edb_tde_kmip_client.py` client. 2. In that directory create a file called `pykmip.conf` and input the following: - Host @@ -35,7 +35,6 @@ port=5696 keyfile=/tmp/key.pem certfile=/tmp/cert.pem ca_certs=/tmp/ca.pem -#cert_reqs=CERT_REQUIRED ``` !!! Note @@ -43,7 +42,7 @@ ca_certs=/tmp/ca.pem ## Create a Key on Hashicorp Vault Secrets Engine -1. On your system where you have your EDB Postgres Advanced Server 15.2 instance, assume root user to create the key on the Hashicorp Vault Secrets Engine. +1. On your system where you have your EDB Postgres Advanced Server instance, assume root user to create the key on the Hashicorp Vault Secrets Engine. 2. Type `python3` and then input the following, making adjustments per your system setup and directory paths: 
@@ -64,14 +63,14 @@ ca_certs=/tmp/ca.pem ## Verify Encryption and Decryption -To ensure that your key that you created will be able to encrypt and decrypt data, run the following two commands as the root user on your system where you have your EDB Postgres Advanced Server 15.2 instance. +To ensure that your key you created will be able to encrypt and decrypt data, run the following two commands as the root user on your system where you have your EDB Postgres Advanced Server instance. 1. `printf secret | python3 /tmp/edb_tde_kmip_client.py encrypt --out-file=test.bin --pykmip-config-file=/tmp/pykmip.conf --key-uid='key_output_here’ --variant=pykmip` - Location of the KMIP Client: /tmp/edb_tde_kmip_client.py - Output file: test.bin - Location of pykmip configuration file: /tmp/pykmip.conf - Encrypted Key Output: TDE key output -- Variant: Allows compatibility with KMIP servers +- Variant: Allows for KMIP compatibility with HashiCorp Vault 2. `python3 /tmp/edb_tde_kmip_client.py decrypt --in-file=test.bin --pykmip-config-file=/tmp/pykmip.conf --key-uid='key_output_here' --variant=pykmip` @@ -237,7 +236,7 @@ Success. You can now start the database server using: ``` -7. Start your database and navigate to your `/data` directory to view the postgresql.conf file to ensure that your `data_encryption_key_unwrap_command` that you set with your `export PGDATAUNWRAPCMD` is present under the Authentication section. +7. Start your database and navigate to your `/data` directory to view the postgresql.conf file to ensure that your `data_encryption_key_unwrap_command`, which you set with your `export PGDATAUNWRAPCMD`, is present under the Authentication section. ```bash # - Authentication - From e69fcb8be4063e616e32d29c994181f23d1f27fa Mon Sep 17 00:00:00 2001 
From: jkitchens32 Date: Mon, 12 Jun 2023 13:57:52 -0400 Subject: [PATCH 15/61] Added Extended --- .../partner_docs/HashicorpVault/02-PartnerInformation.mdx | 2 +- .../partner_docs/HashicorpVault/03-SolutionSummary.mdx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx index ed4ff2f99fd..cda96a21513 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx @@ -9,4 +9,4 @@ description: 'Details of the Partner' | **Web Site** | https://www.hashicorp.com/ | | **Partner Product** | Vault | | **Version** | Vault v1.12.6+ent, v1.13.2+ent | -| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server, it allows users to control access to encryption keys and certificates, as well as perform key management. | \ No newline at end of file +| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server or EDB Postgres Extended Server, it allows users to control access to encryption keys and certificates, as well as perform key management. | \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx index 2e1f0dc6d66..acce944dab7 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx 
@@ -3,7 +3,7 @@ title: 'Solution Summary' description: 'Explanation of the solution and its purpose' --- -Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s KMIP secrets engine allows Vault to act as a KMIP server provider and handle the lifecycle of KMIP managed objects. +Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 or EDB Postgres Extended Server versions 15.2 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s KMIP secrets engine allows Vault to act as a KMIP server provider and handle the lifecycle of KMIP managed objects. Hashicorp Vault’s KMIP secrets engine manages its own listener to service any KMIP requests that operate on KMIP managed objects. The KMIP secrets engine determines the set of KMIP operations that the clients can perform based on roles that are assigned. From 3eeec5d731bd0a096cc178bf1878ce4a73f5d157 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Tue, 13 Jun 2023 14:08:56 -0400 Subject: [PATCH 16/61] Extended Update --- .../partner_docs/HashicorpVault/03-SolutionSummary.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx index acce944dab7..bafca3d1d5a 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx 
@@ -3,7 +3,7 @@ title: 'Solution Summary' description: 'Explanation of the solution and its purpose' --- -Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 or EDB Postgres Extended Server versions 15.2 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s KMIP secrets engine allows Vault to act as a KMIP server provider and handle the lifecycle of KMIP managed objects. +Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 and above or EDB Postgres Extended Server versions 15 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s KMIP secrets engine allows Vault to act as a KMIP server provider and handle the lifecycle of KMIP managed objects. Hashicorp Vault’s KMIP secrets engine manages its own listener to service any KMIP requests that operate on KMIP managed objects. The KMIP secrets engine determines the set of KMIP operations that the clients can perform based on roles that are assigned. From dc1e1205237242d4c4fab40f07e3048f64c7d5d4 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Thu, 15 Jun 2023 13:00:42 -0400 Subject: [PATCH 17/61] Added Enterprise Piece --- .../HashicorpVault/04-ConfiguringHashicorpVault.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index 98f78778c89..c1ccad5baa7 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx 
@@ -13,7 +13,7 @@ Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and ## Prerequisites - A running EDB Postgres Advanced Server instance -- Hashicorp Vault installed and deployed per your VM environment +- Hashicorp Vault Enterprise edition with enterprise licensing installed and deployed per your VM environment ## Configure Hashicorp Vault KMIP Secrets Engine From 27dd6c6a707e3f24b72769ca3943fad34e74d6f7 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 19 Jun 2023 08:09:23 -0400 Subject: [PATCH 18/61] Added PG Distributed and Vault Ent. --- .../04-ConfiguringHashicorpVault.mdx | 12 +++++++----- .../HashicorpVault/05-UsingHashicorpVault.mdx | 18 +++++++++--------- .../HashicorpVault/07-SupportandLogging.mdx | 4 ++++ 3 files changed, 20 insertions(+), 14 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index c1ccad5baa7..e6900ac3e5c 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx 
@@ -3,16 +3,18 @@ title: 'Configuration' description: 'Walkthrough on configuring the integration' --- -Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above requires the following components: +Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15 and above requires the following components: +!!! Note + The EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15 and above, products will be referred to as Postgres Distribution. The specific Distribution type will be dependant upon customer need or preference. -- EDB Postgres Advanced Server version 15.2 or above -- Hashicorp Vault version 1.13.2+ent or 1.12.6+ent +- An active Postgres Distribution +- Hashicorp Vault Enterprise version 1.13.2+ent or 1.12.6+ent - [Pykmip](https://pypi.org/project/PyKMIP/#files) - Python ## Prerequisites -- A running EDB Postgres Advanced Server instance +- A running Postgres Distribution - Hashicorp Vault Enterprise edition with enterprise licensing installed and deployed per your VM environment ## Configure Hashicorp Vault KMIP Secrets Engine @@ -143,4 +145,4 @@ IgIhAMb3y3xRXwddt2ejaow1GytysRz4LoxC3B5dLn1LoCpI -----END CERTIFICATE----- ``` -Now that you have all of the required Certificates you are ready to use Hashicorp Vault Secrets Engine with EDB Postgres Advanced Server with TDE. \ No newline at end of file +Now that you have all of the required Certificates you are ready to use Hashicorp Vault Secrets Engine with your Postgres Distribution with TDE. \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx index f6180ace490..e6520b975f5 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx 
@@ -3,21 +3,21 @@ title: 'Using' description: 'Walkthrough of example usage scenarios' --- -After you have configured all of the Hashicorp Vault certificates, as stated in the Configuring section, you will be able to use them in conjunction with EDB Postgres Advanced Server. +After you have configured all of the Hashicorp Vault certificates, as stated in the Configuring section, you will be able to use them in conjunction with your Postgres Distribution. !!! Note - It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server as this version supports Transparent Data Encryption (TDE). + It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server and versions 15 and above of EDB Postgres Extended Server as these versions support Transparent Data Encryption (TDE). -To implement Hashicorp Vault Secrets Engine with EDB Postgres Advanced Server, you must ensure that you have the following downloaded to your system: +To implement Hashicorp Vault Secrets Engine with your Postgres Distribution, you must ensure that you have the following downloaded to your system: - Python - [pykmip](https://pypi.org/project/PyKMIP/#files) - edb_tde_kmip_client.py downloaded from your EDB Repos access -All of the `.pem` files that you created in teh Configuring section, `key.pem`, `cert.pem` and `ca.pem`, need to be copied to the system where your EDB Postgres Advanced Server instance is installed. For our example, all of the `.pem` files and the `edb_tde_kmip_client.py` program are in the `/tmp/` directory. +All of the `.pem` files that you created in teh Configuring section, `key.pem`, `cert.pem` and `ca.pem`, need to be copied to the system where your Postgres Distribution is installed. For our example, all of the `.pem` files and the `edb_tde_kmip_client.py` program are in the `/tmp/` directory. ## Create pykmip.conf File -1. 
On your system where you have your EDB Postgres Advanced Server instance, navigate to the directory where you have saved your `.pem` files and the `edb_tde_kmip_client.py` client. +1. On your system where you have your Postgres Distribution, navigate to the directory where you have saved your `.pem` files and the `edb_tde_kmip_client.py` client. 2. In that directory create a file called `pykmip.conf` and input the following: - Host @@ -42,7 +42,7 @@ ca_certs=/tmp/ca.pem ## Create a Key on Hashicorp Vault Secrets Engine -1. On your system where you have your EDB Postgres Advanced Server instance, assume root user to create the key on the Hashicorp Vault Secrets Engine. +1. On your system where you have your Postgres Distribution, assume root user to create the key on the Hashicorp Vault Secrets Engine. 2. Type `python3` and then input the following, making adjustments per your system setup and directory paths: @@ -63,7 +63,7 @@ ca_certs=/tmp/ca.pem ## Verify Encryption and Decryption -To ensure that your key you created will be able to encrypt and decrypt data, run the following two commands as the root user on your system where you have your EDB Postgres Advanced Server instance. +To ensure that your key you created will be able to encrypt and decrypt data, run the following two commands as the root user on your system where you have your Postgres Distribution. 1. `printf secret | python3 /tmp/edb_tde_kmip_client.py encrypt --out-file=test.bin --pykmip-config-file=/tmp/pykmip.conf --key-uid='key_output_here’ --variant=pykmip` - Location of the KMIP Client: /tmp/edb_tde_kmip_client.py 
@@ -87,7 +87,7 @@ root@ip-172-31-46-134:/etc/vault.d# After you have completed the above steps you will be able to export the PGDATAKEYWRAPCMD and PGDATAKEYUNWRAPCMD to wrap and unwrap your encryption key and initialize your database. -1. Login to your EDB Postgres Advanced Server system as enterprisedb user, `sudo su - enterprisedb`. +1. Login to your Postgres Distribution as the Superuser. For our example: **enterprisedb user**, `sudo su - enterprisedb`. 2. Navigate to the `/bin` directory where your executables live. In our example it is `/usr/lib/edb-as/15/bin`. @@ -272,5 +272,5 @@ data_encryption_key_unwrap_command = 'python3 /tmp/edb_tde_kmip_client.py decryp ``` -For more information on how TDE is incorporated with EDB Postgres Advanced Server visit the [EDB Transparent Data Encryption](https://www.enterprisedb.com/docs/tde/latest/) documentation. +For more information on how TDE is incorporated with EDB Postgres Advanced Server and EDB Postgres Extended Server visit the [EDB Transparent Data Encryption](https://www.enterprisedb.com/docs/tde/latest/) documentation. diff --git a/advocacy_docs/partner_docs/HashicorpVault/07-SupportandLogging.mdx b/advocacy_docs/partner_docs/HashicorpVault/07-SupportandLogging.mdx index 1c36ee14f88..423d58ebc43 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/07-SupportandLogging.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/07-SupportandLogging.mdx 
@@ -13,6 +13,10 @@ Technical support for the use of these products is provided by both EDB and Hash Navigate to the `Data` directory in your chosen EDB Postgres Advanced Server instance and from here you can navigate to `log`, `current_logfiles` or you can navigate to the `postgresql.conf` file where you can customize logging options or enable `edb_audit` logs. +**EDB Postgres Extended Server Logs** + +Navigate to the `Data` directory in your chosen EDB Postgres Extended Server instance and from here you can navigate to `log`, or you can navigate to the `postgresql.conf` file where you can customize logging options. An example of the full path to view EDB Postgres Extended logs: `/var/lib/edb-pge/15/data/log`. + ** Hashicorp Vault Logs** Customers can use the `journalctl` function to call logs for Hashicorp Vault. From 4fca65d9199f6b07c620caf439a8222af84e5f8f Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 19 Jun 2023 11:36:21 -0400 Subject: [PATCH 19/61] Extended in Certification Env. --- .../partner_docs/HashicorpVault/06-CertificationEnvironment.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/advocacy_docs/partner_docs/HashicorpVault/06-CertificationEnvironment.mdx b/advocacy_docs/partner_docs/HashicorpVault/06-CertificationEnvironment.mdx index cab401be28c..8e2f382d599 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/06-CertificationEnvironment.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/06-CertificationEnvironment.mdx @@ -7,4 +7,5 @@ description: 'Overview of the Certification Environment' | ----------- | ----------- | | **Certification Test Date** | May 3rd, 2023 | | **EDB Postgres Advanced Server** | 15.2 | +| **EDB Postgres Extended Server** | 15 | | **Thales CipherTrust Manager** | Vault v1.12.6+ent, Vault v1.13.2+ent | \ No newline at end of file From e6a6d3ba7f4229e0be701234afdbc14a770c21f4 Mon Sep 17 00:00:00 2001 
From: jkitchens32 Date: Mon, 19 Jun 2023 16:25:30 -0400 Subject: [PATCH 20/61] Quick Change --- .../HashicorpVault/04-ConfiguringHashicorpVault.mdx | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index e6900ac3e5c..9e75091da4a 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx @@ -14,9 +14,20 @@ Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and ## Prerequisites -- A running Postgres Distribution +- A running Postgres Distribution with Python and pykmip installed - Hashicorp Vault Enterprise edition with enterprise licensing installed and deployed per your VM environment +## Check Python and Install pykmip on Server + +To check your version of Python on your machine simply type `python3` and it will return the version. +```bash +root@ip-172-31-46-134:/home/ubuntu# python +Python 3.8.10 (default, May 26 2023, 14:05:08) +[GCC 9.4.0] on linux +Type "help", "copyright", "credits" or "license" for more information. +``` +To install pykmip, as root user, first install the `pip` utility with `apt install python3-pip`. Once that is complete then type `pip install pykmip` to install the pykmip requirement. + ## Configure Hashicorp Vault KMIP Secrets Engine !!! Note From cccaa7d4aa7ab49f245dccbdf08ca9d131aa3aa0 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 19 Jun 2023 18:24:43 -0400 Subject: [PATCH 21/61] Python Add --- .../HashicorpVault/04-ConfiguringHashicorpVault.mdx | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index 9e75091da4a..c5bd5693130 100644 
--- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx @@ -17,16 +17,20 @@ Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and - A running Postgres Distribution with Python and pykmip installed - Hashicorp Vault Enterprise edition with enterprise licensing installed and deployed per your VM environment -## Check Python and Install pykmip on Server +## Check/Install Python and Install pykmip on Server -To check your version of Python on your machine simply type `python3` and it will return the version. +Many Unix-compatible operating systems such as macOS and some Linux distributions have Python installed by default as it is included in a base installation. + +To check your version of Python on your machine, or to see if it is installed, simply type `python3` and it will return the version. You can also type `ps -ef |grep python` to return a python running process. ```bash root@ip-172-31-46-134:/home/ubuntu# python Python 3.8.10 (default, May 26 2023, 14:05:08) [GCC 9.4.0] on linux Type "help", "copyright", "credits" or "license" for more information. ``` -To install pykmip, as root user, first install the `pip` utility with `apt install python3-pip`. Once that is complete then type `pip install pykmip` to install the pykmip requirement. +If you run a check and find that your system does not have Python installed, you can follow the docs and download it from [Python.org](https://www.python.org/downloads/). Simply select your specific OS and download and install on your system. + +To install pykmip, as root user, first install the `pip` utility, for example `apt install python3-pip` for Debian systems. Once that is complete then type `pip install pykmip` to install the pykmip requirement. ## Configure Hashicorp Vault KMIP Secrets Engine From fcc6d08d9777ce4c30b6650726a5fb1b333dab28 Mon Sep 17 00:00:00 2001 
From: jkitchens32 Date: Fri, 23 Jun 2023 12:22:09 -0400 Subject: [PATCH 22/61] Wording Edits --- .../HashicorpVault/03-SolutionSummary.mdx | 2 +- .../04-ConfiguringHashicorpVault.mdx | 18 +++++++++--------- .../HashicorpVault/05-UsingHashicorpVault.mdx | 16 ++++++++-------- .../06-CertificationEnvironment.mdx | 2 +- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx index bafca3d1d5a..0e7d5e52a79 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/03-SolutionSummary.mdx @@ -3,7 +3,7 @@ title: 'Solution Summary' description: 'Explanation of the solution and its purpose' --- -Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 and above or EDB Postgres Extended Server versions 15 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s KMIP secrets engine allows Vault to act as a KMIP server provider and handle the lifecycle of KMIP managed objects. +Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 and above or EDB Postgres Extended Server versions 15.2 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s KMIP secrets engine allows Vault to act as a KMIP server provider and handle the lifecycle of KMIP managed objects. Hashicorp Vault’s KMIP secrets engine manages its own listener to service any KMIP requests that operate on KMIP managed objects. The KMIP secrets engine determines the set of KMIP operations that the clients can perform based on roles that are assigned. 
diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index c5bd5693130..fb3481e77e5 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx @@ -3,18 +3,18 @@ title: 'Configuration' description: 'Walkthrough on configuring the integration' --- -Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15 and above requires the following components: +Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15.2 and above requires the following components: !!! Note - The EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15 and above, products will be referred to as Postgres Distribution. The specific Distribution type will be dependant upon customer need or preference. + The EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15.2 and above, products will be referred to as EDB Postgres distribution. The specific distribution type will be dependant upon customer need or preference. -- An active Postgres Distribution +- EDB Postgres Distribution (15.2 or later) - Hashicorp Vault Enterprise version 1.13.2+ent or 1.12.6+ent - [Pykmip](https://pypi.org/project/PyKMIP/#files) - Python ## Prerequisites -- A running Postgres Distribution with Python and pykmip installed +- A running EDB Postgres distribution with Python and pykmip installed - Hashicorp Vault Enterprise edition with enterprise licensing installed and deployed per your VM environment ## Check/Install Python and Install pykmip on Server 
@@ -96,7 +96,7 @@ In our example we used role: `edb`, scope: `admin` and certificate name: `kmip-c root@ip-172-31-46-134:/home/ubuntu# vault write -f -field=certificate \ kmip/scope/edb/role/admin/credential/generate > kmip-cert.pem ``` -3. To view your certificates you can type `cat *certificate_name*.pem*` and this will return the certificates from Hashicorp Vault. +3. To view your certificates type `cat *certificate_name*.pem*` and this will return the certificates from Hashicorp Vault. ```bash root@ip-172-31-46-134:/home/ubuntu# cat kmip-cert.pem ``` @@ -105,7 +105,7 @@ root@ip-172-31-46-134:/home/ubuntu# cat kmip-cert.pem !!! Note Make sure to include ----BEGIN ------ and ----END ------ in the .pem certificate files. -5. Create a `key.pem` file which will contain the private key in the certificate chain. +5. Create a `key.pem` file contains the private key in the certificate chain. ```bash ubuntu@ip-172-31-46-134:/tmp$ cat key.pem -----BEGIN EC PRIVATE KEY----- @@ -115,7 +115,7 @@ wmmW4klCuDzRdSBvtdcA5LguWrSBimKXDw== -----END EC PRIVATE KEY----- ``` -6. Create a `cert.pem` file which will contain the first certificate in the certificate chain. +6. Create a `cert.pem` file contains the first certificate in the certificate chain. ```bash ubuntu@ip-172-31-46-134:/tmp$ cat cert.pem -----BEGIN CERTIFICATE----- @@ -132,7 +132,7 @@ Xlg2U8LToGCBEvf1quZU7T8ZQkbQCA== -----END CERTIFICATE----- ``` -7. Create a `ca.pem` file which will contain the last two certificates in the certificate chain. +7. Create a `ca.pem` file contains the last two certificates in the certificate chain. ```bash ubuntu@ip-172-31-46-134:/tmp$ cat ca.pem -----BEGIN CERTIFICATE----- 
@@ -160,4 +160,4 @@ IgIhAMb3y3xRXwddt2ejaow1GytysRz4LoxC3B5dLn1LoCpI -----END CERTIFICATE----- ``` -Now that you have all of the required Certificates you are ready to use Hashicorp Vault Secrets Engine with your Postgres Distribution with TDE. \ No newline at end of file +Now that you have all of the required certificates you are ready to use Hashicorp Vault Secrets Engine with your EDB Postgres distribution with TDE. \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx index e6520b975f5..36ae29b6701 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx 
@@ -3,21 +3,21 @@ title: 'Using' description: 'Walkthrough of example usage scenarios' --- -After you have configured all of the Hashicorp Vault certificates, as stated in the Configuring section, you will be able to use them in conjunction with your Postgres Distribution. +After you have configured all of the Hashicorp Vault certificates, as stated in the Configuring section, you will be able to use them in conjunction with your EDB Postgres distribution. !!! Note - It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server and versions 15 and above of EDB Postgres Extended Server as these versions support Transparent Data Encryption (TDE). + It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server and versions 15.2 and above of EDB Postgres Extended Server as these versions support Transparent Data Encryption (TDE). -To implement Hashicorp Vault Secrets Engine with your Postgres Distribution, you must ensure that you have the following downloaded to your system: +To implement Hashicorp Vault Secrets Engine with your EDB Postgres distribution, you must ensure that you have the following downloaded to your system: - Python - [pykmip](https://pypi.org/project/PyKMIP/#files) - edb_tde_kmip_client.py downloaded from your EDB Repos access -All of the `.pem` files that you created in teh Configuring section, `key.pem`, `cert.pem` and `ca.pem`, need to be copied to the system where your Postgres Distribution is installed. For our example, all of the `.pem` files and the `edb_tde_kmip_client.py` program are in the `/tmp/` directory. +All of the `.pem` files that you created in the Configuring section, `key.pem`, `cert.pem` and `ca.pem`, need to be copied to the system where your EDB Postgres distribution is installed. For our example, all of the `.pem` files and the `edb_tde_kmip_client.py` program are in the `/tmp/` directory. ## Create pykmip.conf File -1. 
On your system where you have your Postgres Distribution, navigate to the directory where you have saved your `.pem` files and the `edb_tde_kmip_client.py` client. +1. On your system where you have your EDB Postgres distribution, navigate to the directory where you have saved your `.pem` files and the `edb_tde_kmip_client.py` client. 2. In that directory create a file called `pykmip.conf` and input the following: - Host @@ -42,7 +42,7 @@ ca_certs=/tmp/ca.pem ## Create a Key on Hashicorp Vault Secrets Engine -1. On your system where you have your Postgres Distribution, assume root user to create the key on the Hashicorp Vault Secrets Engine. +1. On your system where you have your EDB Postgres distribution, assume root user to create the key on the Hashicorp Vault Secrets Engine. 2. Type `python3` and then input the following, making adjustments per your system setup and directory paths: @@ -63,7 +63,7 @@ ca_certs=/tmp/ca.pem ## Verify Encryption and Decryption -To ensure that your key you created will be able to encrypt and decrypt data, run the following two commands as the root user on your system where you have your Postgres Distribution. +To ensure that your key you created will be able to encrypt and decrypt data, run the following two commands as the root user on your system with your EDB Postgres distribution. 1. `printf secret | python3 /tmp/edb_tde_kmip_client.py encrypt --out-file=test.bin --pykmip-config-file=/tmp/pykmip.conf --key-uid='key_output_here’ --variant=pykmip` - Location of the KMIP Client: /tmp/edb_tde_kmip_client.py 
@@ -87,7 +87,7 @@ root@ip-172-31-46-134:/etc/vault.d# After you have completed the above steps you will be able to export the PGDATAKEYWRAPCMD and PGDATAKEYUNWRAPCMD to wrap and unwrap your encryption key and initialize your database. -1. Login to your Postgres Distribution as the Superuser. For our example: **enterprisedb user**, `sudo su - enterprisedb`. +1. Login to your EDB Postgres distribution as the Superuser. For our example: **enterprisedb user**, `sudo su - enterprisedb`. 2. Navigate to the `/bin` directory where your executables live. In our example it is `/usr/lib/edb-as/15/bin`. diff --git a/advocacy_docs/partner_docs/HashicorpVault/06-CertificationEnvironment.mdx b/advocacy_docs/partner_docs/HashicorpVault/06-CertificationEnvironment.mdx index 8e2f382d599..7fe7f9fb06a 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/06-CertificationEnvironment.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/06-CertificationEnvironment.mdx @@ -7,5 +7,5 @@ description: 'Overview of the Certification Environment' | ----------- | ----------- | | **Certification Test Date** | May 3rd, 2023 | | **EDB Postgres Advanced Server** | 15.2 | -| **EDB Postgres Extended Server** | 15 | +| **EDB Postgres Extended Server** | 15.2 | | **Thales CipherTrust Manager** | Vault v1.12.6+ent, Vault v1.13.2+ent | \ No newline at end of file From 9536241ba8d1ff737df188c2575b796d277040c8 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 5 Jul 2023 10:03:31 -0400 Subject: [PATCH 23/61] Spelling --- .../HashicorpVault/04-ConfiguringHashicorpVault.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index fb3481e77e5..16369cafd97 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx 
@@ -5,7 +5,7 @@ description: 'Walkthrough on configuring the integration' Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15.2 and above requires the following components: !!! Note - The EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15.2 and above, products will be referred to as EDB Postgres distribution. The specific distribution type will be dependant upon customer need or preference. + The EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15.2 and above, products will be referred to as EDB Postgres distribution. The specific distribution type will be dependent upon customer need or preference. - EDB Postgres Distribution (15.2 or later) - Hashicorp Vault Enterprise version 1.13.2+ent or 1.12.6+ent From b5dc638db64827e4d7e5909852a978b931c230ef Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Thu, 6 Jul 2023 12:07:58 -0400 Subject: [PATCH 24/61] Repo Edits --- .../04-ConfiguringHashicorpVault.mdx | 60 ++++++++++++++++++- .../HashicorpVault/05-UsingHashicorpVault.mdx | 46 +++++++++++++- 2 files changed, 103 insertions(+), 3 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx index 16369cafd97..5c819cc989f 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/04-ConfiguringHashicorpVault.mdx 
@@ -17,7 +17,7 @@ Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and - A running EDB Postgres distribution with Python and pykmip installed - Hashicorp Vault Enterprise edition with enterprise licensing installed and deployed per your VM environment -## Check/Install Python and Install pykmip on Server +## Check/Install Python on Server Many Unix-compatible operating systems such as macOS and some Linux distributions have Python installed by default as it is included in a base installation. 
@@ -30,7 +30,63 @@ Type "help", "copyright", "credits" or "license" for more information. ``` If you run a check and find that your system does not have Python installed, you can follow the docs and download it from [Python.org](https://www.python.org/downloads/). Simply select your specific OS and download and install on your system. -To install pykmip, as root user, first install the `pip` utility, for example `apt install python3-pip` for Debian systems. Once that is complete then type `pip install pykmip` to install the pykmip requirement. +## Install Pykmip +Once you have your EDB Repository installed on your server, you can then install the Pykmip utility that is needed. + +- As `root` user issue the `install python3-pykmip` command, for our example we have a RHEL8 server so it would be `dnf install python3-pymkip`. + +The output should look something like: +```bash +[root@ip-172-31-7-145 ec2-user]# dnf install python3-pykmip +Updating Subscription Management repositories. +Red Hat Enterprise Linux 8 for x86_64 - AppStre 63 MB/s | 58 MB 00:00 +Red Hat Enterprise Linux 8 for x86_64 - BaseOS 71 MB/s | 62 MB 00:00 +Red Hat Ansible Engine 2 for RHEL 8 (RPMs) from 19 MB/s | 2.5 MB 00:00 +RHUI Client Configuration Server 8 45 kB/s | 3.7 kB 00:00 +Last metadata expiration check: 0:00:01 ago on Thu 06 Jul 2023 01:30:54 PM UTC. +Dependencies resolved. 
+================================================================================ + Package Arch Version Repository Size +================================================================================ +Installing: + python3-pykmip noarch 0.9.1-1.el8 enterprisedb-enterprise-noarch 401 k +Installing dependencies: + python3-sqlalchemy x86_64 1.3.2-2.module+el8.3.0+6646+6b4b10ec + rhel-8-appstream-rhui-rpms 1.9 M +Enabling module streams: + python36 3.6 + +Transaction Summary +================================================================================ +Install 2 Packages + +Total download size: 2.3 M +Installed size: 13 M +Is this ok [y/N]: y +Downloading Packages: +(1/2): python3-sqlalchemy-1.3.2-2.module+el8.3. 23 MB/s | 1.9 MB 00:00 +(2/2): python3-pykmip-0.9.1-1.el8.noarch.rpm 450 kB/s | 401 kB 00:00 +-------------------------------------------------------------------------------- +Total 2.5 MB/s | 2.3 MB 00:00 +Running transaction check +Transaction check succeeded. +Running transaction test +Transaction test succeeded. +Running transaction + Preparing : 1/1 + Installing : python3-sqlalchemy-1.3.2-2.module+el8.3.0+6646+6b4b1 1/2 + Installing : python3-pykmip-0.9.1-1.el8.noarch 2/2 + Running scriptlet: python3-pykmip-0.9.1-1.el8.noarch 2/2 + Verifying : python3-pykmip-0.9.1-1.el8.noarch 1/2 + Verifying : python3-sqlalchemy-1.3.2-2.module+el8.3.0+6646+6b4b1 2/2 +Installed products updated. + +Installed: + python3-pykmip-0.9.1-1.el8.noarch + python3-sqlalchemy-1.3.2-2.module+el8.3.0+6646+6b4b10ec.x86_64 + +Complete! +``` ## Configure Hashicorp Vault KMIP Secrets Engine diff --git a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx index 36ae29b6701..41377f665c7 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/05-UsingHashicorpVault.mdx 
@@ -11,10 +11,54 @@ After you have configured all of the Hashicorp Vault certificates, as stated in To implement Hashicorp Vault Secrets Engine with your EDB Postgres distribution, you must ensure that you have the following downloaded to your system: - Python - [pykmip](https://pypi.org/project/PyKMIP/#files) -- edb_tde_kmip_client.py downloaded from your EDB Repos access +- edb-tde-kmip-client downloaded from your EDB Repos access All of the `.pem` files that you created in the Configuring section, `key.pem`, `cert.pem` and `ca.pem`, need to be copied to the system where your EDB Postgres distribution is installed. For our example, all of the `.pem` files and the `edb_tde_kmip_client.py` program are in the `/tmp/` directory. +## Check Prerequisites and Download edb-tde-kmip-client +Ensure that you have the prerequisite software (Python and Pykmip) installed on your system as stated in the Configuring section. + +To install the edb-tde-kmip-client on your system assume `root` user and issue the install command for `edb-tde-kmip-client`. For our example we installed it on a RHEL8 Server so it would be `dnf install edb-tde-kmip-client`. + +You should receive some output that looks like the following: +```bash +[root@ip-172-31-7-145 ec2-user]# dnf install edb-tde-kmip-client +Updating Subscription Management repositories. +Last metadata expiration check: 0:00:59 ago on Thu 06 Jul 2023 01:30:54 PM UTC. +Dependencies resolved. 
+================================================================================ + Package Arch Version Repository Size +================================================================================ +Installing: + edb-tde-kmip-client noarch 1.0-1.el8 enterprisedb-enterprise-noarch 14 k + +Transaction Summary +================================================================================ +Install 1 Package + +Total download size: 14 k +Installed size: 20 k +Is this ok [y/N]: y +Downloading Packages: +edb-tde-kmip-client-1.0-1.el8.noarch.rpm 23 kB/s | 14 kB 00:00 +-------------------------------------------------------------------------------- +Total 23 kB/s | 14 kB 00:00 +Running transaction check +Transaction check succeeded. +Running transaction test +Transaction test succeeded. +Running transaction + Preparing : 1/1 + Installing : edb-tde-kmip-client-1.0-1.el8.noarch 1/1 + Verifying : edb-tde-kmip-client-1.0-1.el8.noarch 1/1 +Installed products updated. + +Installed: + edb-tde-kmip-client-1.0-1.el8.noarch + +Complete! +``` + ## Create pykmip.conf File 1. On your system where you have your EDB Postgres distribution, navigate to the directory where you have saved your `.pem` files and the `edb_tde_kmip_client.py` client. From 386b0e6efa41eb3471ebf802f5b8df9240d08c24 Mon Sep 17 00:00:00 2001 
From: jkitchens32 Date: Tue, 30 May 2023 16:38:48 -0400 Subject: [PATCH 25/61] Tech Partner HPE Greenlake Guide --- .../HPEGreenlake/02-PartnerInformation.mdx | 12 ++++ .../HPEGreenlake/03-SolutionSummary.mdx | 12 ++++ .../04-ConfiguringHPEGreenlake.mdx | 65 +++++++++++++++++++ .../HPEGreenlake/05-UsingHPEGreenlake.mdx | 26 ++++++++ .../06-CertificationEnvironment.mdx | 15 +++++ .../HPEGreenlake/07-SupportandLogging.mdx | 32 +++++++++ .../Images/PartnerProgram.jpg.png | 3 + .../partner_docs/HPEGreenlake/index.mdx | 14 ++++ 8 files changed, 179 insertions(+) create mode 100644 advocacy_docs/partner_docs/HPEGreenlake/02-PartnerInformation.mdx create mode 100644 advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx create mode 100644 advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx create mode 100644 advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx create mode 100644 advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx create mode 100644 advocacy_docs/partner_docs/HPEGreenlake/07-SupportandLogging.mdx create mode 100644 advocacy_docs/partner_docs/HPEGreenlake/Images/PartnerProgram.jpg.png create mode 100644 advocacy_docs/partner_docs/HPEGreenlake/index.mdx diff --git a/advocacy_docs/partner_docs/HPEGreenlake/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HPEGreenlake/02-PartnerInformation.mdx new file mode 100644 index 00000000000..00934a55aa6 --- /dev/null +++ b/advocacy_docs/partner_docs/HPEGreenlake/02-PartnerInformation.mdx @@ -0,0 +1,12 @@ +--- +title: 'Partner Information' +description: 'Details of the partner' + +--- + +|   |   | +| ----------- | ----------- | +| **Partner Name** | HPE | +| **Web Site** | https://www.hpe.com/us/en/greenlake.html | +| **Partner Product** | Greenlake | +| **Product Description** | | 
diff --git a/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx new file mode 100644 index 00000000000..5571583fb8f --- /dev/null +++ b/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx @@ -0,0 +1,12 @@ +--- +title: 'Solution Summary' +description: 'Explanation of the solution and its purpose' +--- + +EDB Postgres Advanced Server, EDB Postgres Extended Server, EDB Failover Manager, Postgres Enterprise Manager, and Barman can each be deployed + +The following diagram shows a high-level architecture of the HPE Greenlake platform: + +

+ Solution architecture +

\ No newline at end of file diff --git a/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx new file mode 100644 index 00000000000..3099591c9f5 --- /dev/null +++ b/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx @@ -0,0 +1,65 @@ +--- +title: 'Configuration' +description: 'Walkthrough on configuring the integration' +--- + +Implementing EDB software on Nutanix AHV requires the following components: +!!! Note + The EDB Postgres Advanced Server, EDB Postgres Extended Server and PostgreSQL Server products will be referred to as Postgres Distribution. The specific Distribution type will be dependant upon customer need or preference. + +- Postgres Distribution +- Nutanix software + +Sample deployment: + +

+ Sample deployment +

+ +## Prerequisites + +- A running Nutanix cluster with AHV. +- Access to the Prism web console. + +

+ Prism web console +

+ + For more details, read the [Prism Central Guide](https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-Prism-v5_19:Prism-Central-Guide-Prism-v5_19). + +## Deploying VMs Using AHV + +To create a Virtual Machine (VM) via AHV: + + +1. On Prism Central, select **Create VM**. Watch this [video](https://www.youtube.com/watch?v=q4wBewXfDs8) from Nutanix for more information. + +

+ Create a VM +

+ +2. Enter the appropriate values for your configuration. For example, these are the specifications for a test environment: + ``` + vCPU(s): 2 + Memory: 4 GiB + Storage: DISK 50 GiB + Guest OS: CentOS7 + ``` + + +!!! Note + Mount the CD-ROM with CentOS7 ISO available via the Image Service. + +

+ Test environment specifics +

+ +3. Select **Save**. + +2. Install your preferred Postgres Distribution. For example, for EDB Postgres Advanced Server refer to the [EDB Postgres Advanced Server documentation](https://www.enterprisedb.com/docs/epas/latest/). + +3. Install the other EDB tools, such as [EDB Failover Manager (EFM)](https://www.enterprisedb.com/docs/efm/latest/), [Postgres Enterprise Manager (PEM)](https://www.enterprisedb.com/docs/pem/latest/), or [Barman](https://www.enterprisedb.com/docs/supported-open-source/barman/), as needed for your configuration in the appropriate VMs. Refer to the [EDB documentation](https://www.enterprisedb.com/docs). + + + + diff --git a/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx new file mode 100644 index 00000000000..1032b2bcd0a --- /dev/null +++ b/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx @@ -0,0 +1,26 @@ +--- +title: 'Using' +description: 'Walkthrough of example usage scenarios' +--- + +Nutanix AHV hosts the virtual machines created so that you can deploy / redeploy them as needed. + +To use Nutanix AHV: + +1. Log in to Prism. + +1. Go to the **Table** tab where you can view the virtual machines deployed via Nutanix AHV. For example, this screenshot shows VMs that host the following EDB products: + + - EDB Postgres Advanced Server + - EDB Postgres Extended Server + - Failover Manager + - Postgres Enterprise Manager + - Barman + + +

+ Viewing VMs on AHV +

+ +!!! Note + The screenshot contains information about our test environment and is not intended for a production environment. diff --git a/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx b/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx new file mode 100644 index 00000000000..593b0e0e628 --- /dev/null +++ b/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx @@ -0,0 +1,15 @@ +--- +title: 'Certification Environment' +description: 'Overview of the certification environment' +--- + +## HPE Greenlake DL380 Gen10 Plus Server Test Environment +|   |   | +| ----------- | ----------- | +| **Certification Test Date** | 2023 | +| **EDB Postgres Advanced Server** | 12,13,14,15 | +| **EDB Postgres Extended Server** | 12,13,14,15 | +| **Postgres Enterprise Manager** | 9.1.1 | +| **EDB Failover Manager** | 4.6 | +| **Barman** | 3.4.0 | +| **HPE Greenlake Server** | DL380 Gen10 Plus | \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HPEGreenlake/07-SupportandLogging.mdx b/advocacy_docs/partner_docs/HPEGreenlake/07-SupportandLogging.mdx new file mode 100644 index 00000000000..309c9340288 --- /dev/null +++ b/advocacy_docs/partner_docs/HPEGreenlake/07-SupportandLogging.mdx 
@@ -0,0 +1,32 @@ +--- +title: 'Support and Logging Details' +description: 'Details of the support process and logging information' +--- + +## Support + +Technical support for the use of these products is provided by both EDB and HPE. A proper support contract is required to be in place at both EDB and HPE. A support ticket can be opened on either side to start the process. If it is determined through the support ticket that resources from the other vendor is required, the customer should open a support ticket with that vendor through normal support channels. This will allow both companies to work together to help the customer as needed. + +## Logging + +**EDB Postgres Advanced Server Logs** + +Navigate to the `Data` directory in your chosen EDB Postgres Advanced Server instance and from here you can navigate to `log`, `current_logfiles` or you can navigate to the `postgresql.conf` file where you can customize logging options or enable `edb_audit` logs. An example of the full path to view EDB Postgres Advanced Server logs: `/var/lib/edb/as15/data/log`. + +**EDB Postgres Extended Server Logs** + +Navigate to the `Data` directory in your chosen EDB Postgres Extended Server instance and from here you can navigate to `log`, or you can navigate to the `postgresql.conf` file where you can customize logging options. An example of the full path to view EDB Postgres Extended logs: `/var/lib/edb-pge/15/data/log`. + +**PostgreSQL Server Logs** + +The default log directories for PostgreSQL logs vary depending on the operating system: + +- Debian-based system: `/var/log/postgresql/postgresql-x.x.main.log. X.x.` + +- Red Hat-based system: `/var/lib/pgsql/data/pg_log` + +- Windows: `C:\Program Files\PostgreSQL\9.3\data\pg_log` + +**HPE Logs** + +For HPE logging and support, please contact the HPE Support team to assist you. \ No newline at end of file 
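Review bot: In the PostgreSQL Server Logs list, the Debian entry's code span reads `/var/log/postgresql/postgresql-x.x.main.log. X.x.`, so the trailing ". X.x." looks like the start of an explanatory sentence that was pulled inside the backticks and then cut off; close the code span after `main.log` and finish the sentence outside it. The Windows entry hard-codes `PostgreSQL\9.3`, while the certification table added by this same patch lists EDB server versions 12,13,14,15, so a version placeholder would fit better than a fixed 9.3 path. Two smaller points: "resources from the other vendor is required" should be "are required", and the prose says `Data` directory while the example paths use lowercase `data`.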
diff --git a/advocacy_docs/partner_docs/HPEGreenlake/Images/PartnerProgram.jpg.png b/advocacy_docs/partner_docs/HPEGreenlake/Images/PartnerProgram.jpg.png new file mode 100644 index 00000000000..93e0514710b --- /dev/null +++ b/advocacy_docs/partner_docs/HPEGreenlake/Images/PartnerProgram.jpg.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1953f3a5526ab37279a598f1c370c5acbf9f6d18f7902cb538161182fbed3b1f +size 57295 diff --git a/advocacy_docs/partner_docs/HPEGreenlake/index.mdx b/advocacy_docs/partner_docs/HPEGreenlake/index.mdx new file mode 100644 index 00000000000..8406af5f70a --- /dev/null +++ b/advocacy_docs/partner_docs/HPEGreenlake/index.mdx @@ -0,0 +1,14 @@ +--- +title: 'HPE Greenlake Implementation Guide' +indexCards: simple +directoryDefaults: + iconName: handshake +--- + +

+ +

+

EDB GlobalConnect Technology Partner Implementation Guide

+

HPE Greenlake

+ +

This document is intended to augment each vendor’s product documentation in order to guide the reader in getting the products working together. It is not intended to show the optimal configuration for the certified integration.

\ No newline at end of file From 0035bd95e2624ec79ffe23e619d6678a81f8d659 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 31 May 2023 08:57:54 -0400 Subject: [PATCH 26/61] Added index --- src/pages/index.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/pages/index.js b/src/pages/index.js index 6e3d50b198e..5987344f64d 100644 --- a/src/pages/index.js +++ b/src/pages/index.js @@ -374,6 +374,11 @@ const Page = () => ( Esri ArcGIS Pro and Esri ArcGIS Enterprise + + HPE Greenlake + + Imperva Data Security Fabric + Nutanix AHV From 4863af70e1bf9ac187f552f08bdf7ca2810b52a2 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 31 May 2023 09:07:19 -0400 Subject: [PATCH 27/61] Index Link update --- src/pages/index.js | 1 + 1 file changed, 1 insertion(+) diff --git a/src/pages/index.js b/src/pages/index.js index 5987344f64d..f1d83506505 100644 --- a/src/pages/index.js +++ b/src/pages/index.js @@ -376,6 +376,7 @@ const Page = () => ( HPE Greenlake + Imperva Data Security Fabric From 683a8f4fcb6c4ff475fdafadb5a05e76e1284650 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 31 May 2023 09:58:58 -0400 Subject: [PATCH 28/61] Error Fixes --- .../HPEGreenlake/03-SolutionSummary.mdx | 3 --- .../HPEGreenlake/04-ConfiguringHPEGreenlake.mdx | 16 ++++------------ .../HPEGreenlake/05-UsingHPEGreenlake.mdx | 3 --- 3 files changed, 4 insertions(+), 18 deletions(-) diff --git a/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx index 5571583fb8f..772d1b78cc6 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx @@ -7,6 +7,3 @@ EDB Postgres Advanced Server, EDB Postgres Extended Server, EDB Failover Manager The following diagram shows a high-level architecture of the HPE Greenlake platform: -

- Solution architecture -

\ No newline at end of file diff --git a/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx index 3099591c9f5..4c04959d845 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx @@ -12,18 +12,14 @@ Implementing EDB software on Nutanix AHV requires the following components: Sample deployment: -

- Sample deployment -

+ ## Prerequisites - A running Nutanix cluster with AHV. - Access to the Prism web console. -

- Prism web console -

+ For more details, read the [Prism Central Guide](https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-Prism-v5_19:Prism-Central-Guide-Prism-v5_19). @@ -34,9 +30,7 @@ To create a Virtual Machine (VM) via AHV: 1. On Prism Central, select **Create VM**. Watch this [video](https://www.youtube.com/watch?v=q4wBewXfDs8) from Nutanix for more information. -

- Create a VM -

+ 2. Enter the appropriate values for your configuration. For example, these are the specifications for a test environment: ``` @@ -50,9 +44,7 @@ To create a Virtual Machine (VM) via AHV: !!! Note Mount the CD-ROM with CentOS7 ISO available via the Image Service. -

- Test environment specifics -

+ 3. Select **Save**. diff --git a/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx index 1032b2bcd0a..2cd37e05678 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx @@ -18,9 +18,6 @@ To use Nutanix AHV: - Barman -

- Viewing VMs on AHV -

!!! Note The screenshot contains information about our test environment and is not intended for a production environment. From 16bd95d6c794e8dd3ef1237b1af954107f342f8f Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 31 May 2023 16:06:54 -0400 Subject: [PATCH 29/61] Wording edits and image additions --- .../HPEGreenlake/02-PartnerInformation.mdx | 2 +- .../HPEGreenlake/03-SolutionSummary.mdx | 4 +- .../04-ConfiguringHPEGreenlake.mdx | 38 ++++--------------- .../HPEGreenlake/05-UsingHPEGreenlake.mdx | 13 +++---- .../Images/HPEDatabaseDisplay.png | 3 ++ .../HPEGreenlake/Images/SampleDeployment.png | 3 ++ 6 files changed, 23 insertions(+), 40 deletions(-) create mode 100644 advocacy_docs/partner_docs/HPEGreenlake/Images/HPEDatabaseDisplay.png create mode 100644 advocacy_docs/partner_docs/HPEGreenlake/Images/SampleDeployment.png diff --git a/advocacy_docs/partner_docs/HPEGreenlake/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HPEGreenlake/02-PartnerInformation.mdx index 00934a55aa6..9a76393fb3d 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/02-PartnerInformation.mdx +++ b/advocacy_docs/partner_docs/HPEGreenlake/02-PartnerInformation.mdx @@ -9,4 +9,4 @@ description: 'Details of the partner' | **Partner Name** | HPE | | **Web Site** | https://www.hpe.com/us/en/greenlake.html | | **Partner Product** | Greenlake | -| **Product Description** | | +| **Product Description** | HPE GreenLake is a self-service, HPE-managed platform that marries the simplicity and agility of the public cloud with the security, governance and compliance, and performance benefits of on-premises IT infrastructure. HPE Greenlake allows you to deploy your EDB Postgres Advanced Server, EDB Postgres Extended Server and other EDB software in a fast and secure environment. | diff --git a/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx index 772d1b78cc6..85808485157 100644 
--- a/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx @@ -3,7 +3,9 @@ title: 'Solution Summary' description: 'Explanation of the solution and its purpose' --- -EDB Postgres Advanced Server, EDB Postgres Extended Server, EDB Failover Manager, Postgres Enterprise Manager, and Barman can each be deployed +EDB Postgres Advanced Server, EDB Postgres Extended Server, EDB Failover Manager, Postgres Enterprise Manager, and Barman can each be deployed quickly and securely when utilizing the HPE Greenlake platform. HPE GreenLake is a self-service, HPE-managed platform that marries the simplicity and agility of the public cloud with the security, governance and compliance, and performance benefits of on-premises IT infrastructure. + +HPE Greenlake delivers a complete and preconfigured system that includes all the hardware and software necessary to be up and running almost immediately, which allows you to deploy all of your EDB products quickly and securely. The following diagram shows a high-level architecture of the HPE Greenlake platform: diff --git a/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx index 4c04959d845..dec27ed4a3e 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx 
@@ -8,49 +8,27 @@ Implementing EDB software on Nutanix AHV requires the following components: The EDB Postgres Advanced Server, EDB Postgres Extended Server and PostgreSQL Server products will be referred to as Postgres Distribution. The specific Distribution type will be dependant upon customer need or preference. - Postgres Distribution -- Nutanix software +- HPE Greenlake system configured per your requirements Sample deployment: - +![HPE Sample Deployment](Images/SampleDeployment.png) ## Prerequisites -- A running Nutanix cluster with AHV. -- Access to the Prism web console. - - - - For more details, read the [Prism Central Guide](https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-Prism-v5_19:Prism-Central-Guide-Prism-v5_19). - -## Deploying VMs Using AHV - -To create a Virtual Machine (VM) via AHV: +- HPE Greenlake servers set up per your requirements -1. On Prism Central, select **Create VM**. Watch this [video](https://www.youtube.com/watch?v=q4wBewXfDs8) from Nutanix for more information. - - - -2. Enter the appropriate values for your configuration. For example, these are the specifications for a test environment: - ``` - vCPU(s): 2 - Memory: 4 GiB - Storage: DISK 50 GiB - Guest OS: CentOS7 - ``` - - -!!! Note - Mount the CD-ROM with CentOS7 ISO available via the Image Service. +## SSH Into Server and Deploy Postgres Distribution +1. SSH into your server per your chosen method, for example if on a Windows system accessing a RHEL Server, you would want to use a utility like PuTTy to SSH into your server to access it. -3. Select **Save**. +2. Login as the `Root` user via credentials you established with HPE during your server setup. -2. Install your preferred Postgres Distribution. For example, for EDB Postgres Advanced Server refer to the [EDB Postgres Advanced Server documentation](https://www.enterprisedb.com/docs/epas/latest/). +3. Install your preferred Postgres Distribution. 
For example, for EDB Postgres Advanced Server refer to the [EDB Postgres Advanced Server documentation](https://www.enterprisedb.com/docs/epas/latest/). -3. Install the other EDB tools, such as [EDB Failover Manager (EFM)](https://www.enterprisedb.com/docs/efm/latest/), [Postgres Enterprise Manager (PEM)](https://www.enterprisedb.com/docs/pem/latest/), or [Barman](https://www.enterprisedb.com/docs/supported-open-source/barman/), as needed for your configuration in the appropriate VMs. Refer to the [EDB documentation](https://www.enterprisedb.com/docs). +4. Install the other EDB tools, such as [EDB Failover Manager (EFM)](https://www.enterprisedb.com/docs/efm/latest/), [Postgres Enterprise Manager (PEM)](https://www.enterprisedb.com/docs/pem/latest/), or [Barman](https://www.enterprisedb.com/docs/supported-open-source/barman/), as needed for your configuration in the appropriate VMs. Refer to the [EDB documentation](https://www.enterprisedb.com/docs). diff --git a/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx index 2cd37e05678..75ea22d48ad 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx 
@@ -3,13 +3,13 @@ title: 'Using' description: 'Walkthrough of example usage scenarios' --- -Nutanix AHV hosts the virtual machines created so that you can deploy / redeploy them as needed. +HPE Greenlake systems are easy to deploy, turn on and off and install your Postgres Distribution products on, while ensuring speed and security. -To use Nutanix AHV: +To use HPE Greenlake: -1. Log in to Prism. +1. Access your server, either via GUI or SSH depending on your system setup. -1. Go to the **Table** tab where you can view the virtual machines deployed via Nutanix AHV. For example, this screenshot shows VMs that host the following EDB products: +1. Install and deploy your Postgres Distribution products as need: - EDB Postgres Advanced Server - EDB Postgres Extended Server @@ -17,7 +17,4 @@ To use Nutanix AHV: - Postgres Enterprise Manager - Barman - - -!!! Note - The screenshot contains information about our test environment and is not intended for a production environment. +![HPE EDB Postgres Advanced Server Database on Proliant Server](Images/HPEDatabaseDisplay.png) diff --git a/advocacy_docs/partner_docs/HPEGreenlake/Images/HPEDatabaseDisplay.png b/advocacy_docs/partner_docs/HPEGreenlake/Images/HPEDatabaseDisplay.png new file mode 100644 index 00000000000..e391467221d --- /dev/null +++ b/advocacy_docs/partner_docs/HPEGreenlake/Images/HPEDatabaseDisplay.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4834464f194e6d6b7f15e670554aa1bbcc4256a7a3e3970aa298064c58cbdf74 +size 2094618 diff --git a/advocacy_docs/partner_docs/HPEGreenlake/Images/SampleDeployment.png b/advocacy_docs/partner_docs/HPEGreenlake/Images/SampleDeployment.png new file mode 100644 index 00000000000..fa80457a82f --- /dev/null +++ b/advocacy_docs/partner_docs/HPEGreenlake/Images/SampleDeployment.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d24a1c9dea97a91654d2146a7af3c48deeb1168fa4a5c1c7a1d18e5bb02a2e95 +size 94633 
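Review bot: In 04-ConfiguringHPEGreenlake.mdx, the new step 2, "Login as the `Root` user via credentials you established with HPE during your server setup", tells readers to open the SSH session directly as root; consider recommending a named account that elevates with sudo for the install, or state that root login is only for initial setup. The account name is lowercase `root`, "Login" used as a verb should be "Log in", and "PuTTy" in step 1 is spelled "PuTTY". Step 4 still says "in the appropriate VMs", carried over from the Nutanix text this hunk removes, and in 05-UsingHPEGreenlake.mdx "as need:" should read "as needed:".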
From dd629971ca904a1c13df9858db8f846f814c7aff Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Thu, 1 Jun 2023 11:52:41 -0400 Subject: [PATCH 30/61] Configure Wording Change --- .../partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx index dec27ed4a3e..8f945b09dc9 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx @@ -3,7 +3,7 @@ title: 'Configuration' description: 'Walkthrough on configuring the integration' --- -Implementing EDB software on Nutanix AHV requires the following components: +Implementing EDB software on HPE Greenlake requires the following components: !!! Note The EDB Postgres Advanced Server, EDB Postgres Extended Server and PostgreSQL Server products will be referred to as Postgres Distribution. The specific Distribution type will be dependant upon customer need or preference. From 58659f5ed7e401de4308e83e73a371797f4688f5 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Thu, 1 Jun 2023 11:58:19 -0400 Subject: [PATCH 31/61] More wording updates and Additions --- .../HPEGreenlake/04-ConfiguringHPEGreenlake.mdx | 2 +- .../partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx | 6 ++++-- .../HPEGreenlake/06-CertificationEnvironment.mdx | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx index 8f945b09dc9..2f9f14fd439 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx 
@@ -28,7 +28,7 @@ Sample deployment: 3. Install your preferred Postgres Distribution. For example, for EDB Postgres Advanced Server refer to the [EDB Postgres Advanced Server documentation](https://www.enterprisedb.com/docs/epas/latest/). -4. Install the other EDB tools, such as [EDB Failover Manager (EFM)](https://www.enterprisedb.com/docs/efm/latest/), [Postgres Enterprise Manager (PEM)](https://www.enterprisedb.com/docs/pem/latest/), or [Barman](https://www.enterprisedb.com/docs/supported-open-source/barman/), as needed for your configuration in the appropriate VMs. Refer to the [EDB documentation](https://www.enterprisedb.com/docs). +4. Install the other EDB tools, such as [EDB Failover Manager (EFM)](https://www.enterprisedb.com/docs/efm/latest/), [Postgres Enterprise Manager (PEM)](https://www.enterprisedb.com/docs/pem/latest/), or [Barman](https://www.enterprisedb.com/docs/supported-open-source/barman/), as needed for your configuration in the appropriate servers. Refer to the [EDB documentation](https://www.enterprisedb.com/docs) for any other software needs. diff --git a/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx index 75ea22d48ad..da25cc17046 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx 
@@ -3,13 +3,13 @@ title: 'Using' description: 'Walkthrough of example usage scenarios' --- -HPE Greenlake systems are easy to deploy, turn on and off and install your Postgres Distribution products on, while ensuring speed and security. +HPE Greenlake systems are easy to deploy, turn on and off, and install your Postgres Distribution products on, while ensuring speed and security. To use HPE Greenlake: 1. Access your server, either via GUI or SSH depending on your system setup. -1. Install and deploy your Postgres Distribution products as need: +1. Install and deploy your Postgres Distribution products as needed: - EDB Postgres Advanced Server - EDB Postgres Extended Server @@ -17,4 +17,6 @@ To use HPE Greenlake: - Postgres Enterprise Manager - Barman +The following image is an example of a database deployed using EDB Postgres Advanced Server 15.2 on an HPE DL380 Gen10 Plus server. + ![HPE EDB Postgres Advanced Server Database on Proliant Server](Images/HPEDatabaseDisplay.png) diff --git a/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx b/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx index 593b0e0e628..0be7043e5f5 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx +++ b/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx @@ -6,7 +6,7 @@ description: 'Overview of the certification environment' ## HPE Greenlake DL380 Gen10 Plus Server Test Environment |   |   | | ----------- | ----------- | -| **Certification Test Date** | 2023 | +| **Certification Test Date** | May 31, 2023 | | **EDB Postgres Advanced Server** | 12,13,14,15 | | **EDB Postgres Extended Server** | 12,13,14,15 | | **Postgres Enterprise Manager** | 9.1.1 | From 1d4b497e5a3e239e074d1fe259139efbd45d5ef2 Mon Sep 17 00:00:00 2001 
From: jkitchens32 Date: Mon, 5 Jun 2023 08:59:50 -0400 Subject: [PATCH 32/61] Added wording --- .../partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx b/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx index 0be7043e5f5..b124dbce8d8 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx +++ b/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx @@ -12,4 +12,4 @@ description: 'Overview of the certification environment' | **Postgres Enterprise Manager** | 9.1.1 | | **EDB Failover Manager** | 4.6 | | **Barman** | 3.4.0 | -| **HPE Greenlake Server** | DL380 Gen10 Plus | \ No newline at end of file +| **HPE Greenlake Server** | Proliant DL380 Gen10 Plus | \ No newline at end of file From 64c816b96848e92da2b553ac9e52976b064074b5 Mon Sep 17 00:00:00 2001 
From: jkitchens32 Date: Tue, 6 Jun 2023 14:03:15 -0400 Subject: [PATCH 33/61] HPE Wording Changes --- .../{HPEGreenlake => HPE}/02-PartnerInformation.mdx | 2 +- .../{HPEGreenlake => HPE}/03-SolutionSummary.mdx | 4 ++-- .../{HPEGreenlake => HPE}/04-ConfiguringHPEGreenlake.mdx | 6 +++--- .../{HPEGreenlake => HPE}/05-UsingHPEGreenlake.mdx | 4 ++-- .../{HPEGreenlake => HPE}/06-CertificationEnvironment.mdx | 4 ++-- .../{HPEGreenlake => HPE}/07-SupportandLogging.mdx | 0 .../{HPEGreenlake => HPE}/Images/HPEDatabaseDisplay.png | 0 .../{HPEGreenlake => HPE}/Images/PartnerProgram.jpg.png | 0 .../{HPEGreenlake => HPE}/Images/SampleDeployment.png | 0 advocacy_docs/partner_docs/{HPEGreenlake => HPE}/index.mdx | 4 ++-- src/pages/index.js | 4 ++-- 11 files changed, 14 insertions(+), 14 deletions(-) rename advocacy_docs/partner_docs/{HPEGreenlake => HPE}/02-PartnerInformation.mdx (93%) rename advocacy_docs/partner_docs/{HPEGreenlake => HPE}/03-SolutionSummary.mdx (54%) rename advocacy_docs/partner_docs/{HPEGreenlake => HPE}/04-ConfiguringHPEGreenlake.mdx (88%) rename advocacy_docs/partner_docs/{HPEGreenlake => HPE}/05-UsingHPEGreenlake.mdx (78%) rename advocacy_docs/partner_docs/{HPEGreenlake => HPE}/06-CertificationEnvironment.mdx (79%) rename advocacy_docs/partner_docs/{HPEGreenlake => HPE}/07-SupportandLogging.mdx (100%) rename advocacy_docs/partner_docs/{HPEGreenlake => HPE}/Images/HPEDatabaseDisplay.png (100%) rename advocacy_docs/partner_docs/{HPEGreenlake => HPE}/Images/PartnerProgram.jpg.png (100%) rename advocacy_docs/partner_docs/{HPEGreenlake => HPE}/Images/SampleDeployment.png (100%) rename advocacy_docs/partner_docs/{HPEGreenlake => HPE}/index.mdx (84%) 
diff --git a/advocacy_docs/partner_docs/HPEGreenlake/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx similarity index 93% rename from advocacy_docs/partner_docs/HPEGreenlake/02-PartnerInformation.mdx rename to advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx index 9a76393fb3d..05c1f4264ff 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/02-PartnerInformation.mdx +++ b/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx @@ -8,5 +8,5 @@ description: 'Details of the partner' | ----------- | ----------- | | **Partner Name** | HPE | | **Web Site** | https://www.hpe.com/us/en/greenlake.html | -| **Partner Product** | Greenlake | +| **Partner Product** | HPE Servers | | **Product Description** | HPE GreenLake is a self-service, HPE-managed platform that marries the simplicity and agility of the public cloud with the security, governance and compliance, and performance benefits of on-premises IT infrastructure. HPE Greenlake allows you to deploy your EDB Postgres Advanced Server, EDB Postgres Extended Server and other EDB software in a fast and secure environment. | diff --git a/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx similarity index 54% rename from advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx rename to advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx index 85808485157..0a066a8c5fe 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx 
@@ -3,9 +3,9 @@ title: 'Solution Summary' description: 'Explanation of the solution and its purpose' --- -EDB Postgres Advanced Server, EDB Postgres Extended Server, EDB Failover Manager, Postgres Enterprise Manager, and Barman can each be deployed quickly and securely when utilizing the HPE Greenlake platform. HPE GreenLake is a self-service, HPE-managed platform that marries the simplicity and agility of the public cloud with the security, governance and compliance, and performance benefits of on-premises IT infrastructure. +EDB Postgres Advanced Server, EDB Postgres Extended Server, EDB Failover Manager, Postgres Enterprise Manager, and Barman can each be deployed quickly and securely when utilizing HPE hardware. HPE GreenLake is a self-service, HPE-managed platform that marries the simplicity and agility of the public cloud with the security, governance and compliance, and performance benefits of on-premises IT infrastructure. HPE Greenlake delivers a complete and preconfigured system that includes all the hardware and software necessary to be up and running almost immediately, which allows you to deploy all of your EDB products quickly and securely. -The following diagram shows a high-level architecture of the HPE Greenlake platform: +The following diagram shows a high-level architecture of: diff --git a/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx similarity index 88% rename from advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx rename to advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx index 2f9f14fd439..70e64ef69ad 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/04-ConfiguringHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx 
@@ -3,12 +3,12 @@ title: 'Configuration' description: 'Walkthrough on configuring the integration' --- -Implementing EDB software on HPE Greenlake requires the following components: +Implementing EDB software on HPE requires the following components: !!! Note The EDB Postgres Advanced Server, EDB Postgres Extended Server and PostgreSQL Server products will be referred to as Postgres Distribution. The specific Distribution type will be dependant upon customer need or preference. - Postgres Distribution -- HPE Greenlake system configured per your requirements +- HPE system components configured per your requirements Sample deployment: @@ -16,7 +16,7 @@ Sample deployment: ## Prerequisites -- HPE Greenlake servers set up per your requirements +- HPE servers set up per your requirements ## SSH Into Server and Deploy Postgres Distribution diff --git a/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx similarity index 78% rename from advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx rename to advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx index da25cc17046..20c2e140370 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/05-UsingHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx @@ -3,9 +3,9 @@ title: 'Using' description: 'Walkthrough of example usage scenarios' --- -HPE Greenlake systems are easy to deploy, turn on and off, and install your Postgres Distribution products on, while ensuring speed and security. +HPE systems are easy to deploy, turn on and off, and install your Postgres Distribution products on, while ensuring speed and security. -To use HPE Greenlake: +To use HPE System Components: 1. Access your server, either via GUI or SSH depending on your system setup. 
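Review bot: The new lead-in in 05-UsingHPEGreenlake.mdx, "To use HPE System Components:", capitalizes a term that the 04-ConfiguringHPEGreenlake.mdx hunk in this same patch writes as "HPE system components"; pick one form, preferably lowercase since it is not a product name. The patch also renames the directory from HPEGreenlake to HPE but keeps the file names 04-ConfiguringHPEGreenlake.mdx and 05-UsingHPEGreenlake.mdx, so the Greenlake name survives in the paths; rename the files as well if the intent is to drop it.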
diff --git a/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx b/advocacy_docs/partner_docs/HPE/06-CertificationEnvironment.mdx similarity index 79% rename from advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx rename to advocacy_docs/partner_docs/HPE/06-CertificationEnvironment.mdx index b124dbce8d8..3371353886c 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/06-CertificationEnvironment.mdx +++ b/advocacy_docs/partner_docs/HPE/06-CertificationEnvironment.mdx @@ -3,7 +3,7 @@ title: 'Certification Environment' description: 'Overview of the certification environment' --- -## HPE Greenlake DL380 Gen10 Plus Server Test Environment +## HPE DL380 Gen10 Plus Server Test Environment |   |   | | ----------- | ----------- | | **Certification Test Date** | May 31, 2023 | @@ -12,4 +12,4 @@ description: 'Overview of the certification environment' | **Postgres Enterprise Manager** | 9.1.1 | | **EDB Failover Manager** | 4.6 | | **Barman** | 3.4.0 | -| **HPE Greenlake Server** | Proliant DL380 Gen10 Plus | \ No newline at end of file +| **HPE Server** | Proliant DL380 Gen10 Plus | \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HPEGreenlake/07-SupportandLogging.mdx b/advocacy_docs/partner_docs/HPE/07-SupportandLogging.mdx similarity index 100% rename from advocacy_docs/partner_docs/HPEGreenlake/07-SupportandLogging.mdx rename to advocacy_docs/partner_docs/HPE/07-SupportandLogging.mdx diff --git a/advocacy_docs/partner_docs/HPEGreenlake/Images/HPEDatabaseDisplay.png b/advocacy_docs/partner_docs/HPE/Images/HPEDatabaseDisplay.png similarity index 100% rename from advocacy_docs/partner_docs/HPEGreenlake/Images/HPEDatabaseDisplay.png rename to advocacy_docs/partner_docs/HPE/Images/HPEDatabaseDisplay.png 
diff --git a/advocacy_docs/partner_docs/HPEGreenlake/Images/PartnerProgram.jpg.png b/advocacy_docs/partner_docs/HPE/Images/PartnerProgram.jpg.png similarity index 100% rename from advocacy_docs/partner_docs/HPEGreenlake/Images/PartnerProgram.jpg.png rename to advocacy_docs/partner_docs/HPE/Images/PartnerProgram.jpg.png diff --git a/advocacy_docs/partner_docs/HPEGreenlake/Images/SampleDeployment.png b/advocacy_docs/partner_docs/HPE/Images/SampleDeployment.png similarity index 100% rename from advocacy_docs/partner_docs/HPEGreenlake/Images/SampleDeployment.png rename to advocacy_docs/partner_docs/HPE/Images/SampleDeployment.png diff --git a/advocacy_docs/partner_docs/HPEGreenlake/index.mdx b/advocacy_docs/partner_docs/HPE/index.mdx similarity index 84% rename from advocacy_docs/partner_docs/HPEGreenlake/index.mdx rename to advocacy_docs/partner_docs/HPE/index.mdx index 8406af5f70a..1883c0320bd 100644 --- a/advocacy_docs/partner_docs/HPEGreenlake/index.mdx +++ b/advocacy_docs/partner_docs/HPE/index.mdx @@ -1,5 +1,5 @@ --- -title: 'HPE Greenlake Implementation Guide' +title: 'HPE Implementation Guide' indexCards: simple directoryDefaults: iconName: handshake @@ -9,6 +9,6 @@ directoryDefaults:

EDB GlobalConnect Technology Partner Implementation Guide

-

HPE Greenlake

+

HPE

This document is intended to augment each vendor’s product documentation in order to guide the reader in getting the products working together. It is not intended to show the optimal configuration for the certified integration.

\ No newline at end of file diff --git a/src/pages/index.js b/src/pages/index.js index f1d83506505..a7b00d0b536 100644 --- a/src/pages/index.js +++ b/src/pages/index.js @@ -374,8 +374,8 @@ const Page = () => ( Esri ArcGIS Pro and Esri ArcGIS Enterprise - - HPE Greenlake + + HPE Imperva Data Security Fabric From b9fdb0adad6835d77c38d4032012ffa11d5776dd Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Fri, 9 Jun 2023 09:23:26 -0400 Subject: [PATCH 34/61] Partner Information Wording Updates --- advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx index 05c1f4264ff..dcce091444f 100644 --- a/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx +++ b/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx @@ -9,4 +9,4 @@ description: 'Details of the partner' | **Partner Name** | HPE | | **Web Site** | https://www.hpe.com/us/en/greenlake.html | | **Partner Product** | HPE Servers | -| **Product Description** | HPE GreenLake is a self-service, HPE-managed platform that marries the simplicity and agility of the public cloud with the security, governance and compliance, and performance benefits of on-premises IT infrastructure. HPE Greenlake allows you to deploy your EDB Postgres Advanced Server, EDB Postgres Extended Server and other EDB software in a fast and secure environment. | +| **Product Description** | Whether on-prem or in the cloud, HPE provides customers with simple, secure systems to deploy their databases. HPE Greenlake allows you to deploy your EDB Postgres Advanced Server, EDB Postgres Extended Server and other EDB software in a fast and secure environment. | From f20f6ad8f671111f961500e41827a0aee462853a Mon Sep 17 00:00:00 2001 
From: jkitchens32 Date: Wed, 14 Jun 2023 20:02:00 -0400 Subject: [PATCH 35/61] Wording Edits --- advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx | 2 +- advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx | 7 ++++--- .../partner_docs/HPE/Images/HPESolutionSummaryImage.png | 3 +++ 3 files changed, 8 insertions(+), 4 deletions(-) create mode 100644 advocacy_docs/partner_docs/HPE/Images/HPESolutionSummaryImage.png diff --git a/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx index dcce091444f..3d3ac76842f 100644 --- a/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx +++ b/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx @@ -9,4 +9,4 @@ description: 'Details of the partner' | **Partner Name** | HPE | | **Web Site** | https://www.hpe.com/us/en/greenlake.html | | **Partner Product** | HPE Servers | -| **Product Description** | Whether on-prem or in the cloud, HPE provides customers with simple, secure systems to deploy their databases. HPE Greenlake allows you to deploy your EDB Postgres Advanced Server, EDB Postgres Extended Server and other EDB software in a fast and secure environment. | +| **Product Description** | Whether on-prem or in the cloud, HPE provides customers with simple, secure systems to deploy their databases. HPE allows you to deploy your EDB Postgres Advanced Server, EDB Postgres Extended Server and other EDB software in a fast and secure environment. | diff --git a/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx index 0a066a8c5fe..d6bf1e3a2aa 100644 --- a/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx 
@@ -3,9 +3,10 @@ title: 'Solution Summary' description: 'Explanation of the solution and its purpose' --- -EDB Postgres Advanced Server, EDB Postgres Extended Server, EDB Failover Manager, Postgres Enterprise Manager, and Barman can each be deployed quickly and securely when utilizing HPE hardware. HPE GreenLake is a self-service, HPE-managed platform that marries the simplicity and agility of the public cloud with the security, governance and compliance, and performance benefits of on-premises IT infrastructure. +EDB Postgres Advanced Server, EDB Postgres Extended Server, EDB Failover Manager, Postgres Enterprise Manager, and Barman can each be deployed quickly and securely when utilizing HPE hardware. Furthermore, using the HPE GreenLake Database model with EDB Postgres allows for a simpler end-to-end solution for the entire lifecycle of the database environment. -HPE Greenlake delivers a complete and preconfigured system that includes all the hardware and software necessary to be up and running almost immediately, which allows you to deploy all of your EDB products quickly and securely. +HPE GreenLake Database works to remove some of the complexities of getting a database up and running which then allows you to deploy all of your EDB products quickly and securely. HPE provides customers with complete, scalable solutions for all of their server needs in order to run their databases efficiently. -The following diagram shows a high-level architecture of: +The following diagram shows a simple high-level architecture of how EDB products sit on the HPE Servers: + ![EDB Products on HPE Servers](Images/HPESolutionSummaryImage.png) diff --git a/advocacy_docs/partner_docs/HPE/Images/HPESolutionSummaryImage.png b/advocacy_docs/partner_docs/HPE/Images/HPESolutionSummaryImage.png new file mode 100644 index 00000000000..620e97dfea6 --- /dev/null +++ b/advocacy_docs/partner_docs/HPE/Images/HPESolutionSummaryImage.png 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:417ac4bee130a8152a1ce422f85e2ed1cec2c41145f101e91f2ecd9231e141de +size 196492 From 91add1e9f3c6aaed1988a9e6508c41d54cd80426 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 19 Jun 2023 08:46:25 -0400 Subject: [PATCH 36/61] Edits Per Scott's review --- advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx | 6 +++--- .../partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx | 6 +++--- .../partner_docs/HPE/Images/HPESolutionSummaryImage.png | 4 ++-- advocacy_docs/partner_docs/HPE/Images/SampleDeployment.png | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx index d6bf1e3a2aa..8ec1a8d98ba 100644 --- a/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx 
@@ -3,10 +3,10 @@ title: 'Solution Summary' description: 'Explanation of the solution and its purpose' --- -EDB Postgres Advanced Server, EDB Postgres Extended Server, EDB Failover Manager, Postgres Enterprise Manager, and Barman can each be deployed quickly and securely when utilizing HPE hardware. Furthermore, using the HPE GreenLake Database model with EDB Postgres allows for a simpler end-to-end solution for the entire lifecycle of the database environment. +EDB Postgres Advanced Server, EDB Postgres Extended Server, Failover Manager, Postgres Enterprise Manager, and Barman can each be deployed on HPE hardware that is customizable per customer needs. Furthermore, using the HPE GreenLake Database model with EDB Postgres allows for a simpler end-to-end solution for the entire lifecycle of the database environment. -HPE GreenLake Database works to remove some of the complexities of getting a database up and running which then allows you to deploy all of your EDB products quickly and securely. HPE provides customers with complete, scalable solutions for all of their server needs in order to run their databases efficiently. +HPE GreenLake Database works to remove some of the complexities of getting a database up and running which then allows you to deploy all of your EDB products quickly and securely. HPE does this by taking on some of the in depth pieces like designing, implementing and operating a database so customers do not have to put as much focus into these areas. HPE provides customers with complete, scalable solutions for all of their server needs in order to run their databases efficiently. -The following diagram shows a simple high-level architecture of how EDB products sit on the HPE Servers: +The following diagram shows what EDB products were tested on HPE Servers: ![EDB Products on HPE Servers](Images/HPESolutionSummaryImage.png) 
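Review bot: The sentence added to the second paragraph of 03-SolutionSummary.mdx, "HPE does this by taking on some of the in depth pieces like designing, implementing and operating a database", needs "in-depth" hyphenated and reads more clearly as "in-depth tasks such as designing, implementing, and operating a database". In the replaced diagram lead-in, "shows what EDB products were tested" should be "shows which EDB products were tested", and the image alt text "EDB Products on HPE Servers" could be updated to match so the lead-in and alt text agree.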
diff --git a/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx index 70e64ef69ad..3d8da9d9e95 100644 --- a/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx 
@@ -19,16 +19,16 @@ Sample deployment: - HPE servers set up per your requirements -## SSH Into Server and Deploy Postgres Distribution +## Login to Server and Deploy Postgres Distribution -1. SSH into your server per your chosen method, for example if on a Windows system accessing a RHEL Server, you would want to use a utility like PuTTy to SSH into your server to access it. +1. Login to your server per your chosen method, for example if on a Windows system accessing a RHEL Server, you would want to use a utility like PuTTy to SSH into your server to access it. 2. Login as the `Root` user via credentials you established with HPE during your server setup. 3. Install your preferred Postgres Distribution. For example, for EDB Postgres Advanced Server refer to the [EDB Postgres Advanced Server documentation](https://www.enterprisedb.com/docs/epas/latest/). -4. Install the other EDB tools, such as [EDB Failover Manager (EFM)](https://www.enterprisedb.com/docs/efm/latest/), [Postgres Enterprise Manager (PEM)](https://www.enterprisedb.com/docs/pem/latest/), or [Barman](https://www.enterprisedb.com/docs/supported-open-source/barman/), as needed for your configuration in the appropriate servers. Refer to the [EDB documentation](https://www.enterprisedb.com/docs) for any other software needs. +4. Install the other EDB tools, such as [Failover Manager (EFM)](https://www.enterprisedb.com/docs/efm/latest/), [Postgres Enterprise Manager (PEM)](https://www.enterprisedb.com/docs/pem/latest/), or [Barman](https://www.enterprisedb.com/docs/supported-open-source/barman/), as needed for your configuration in the appropriate servers. Refer to the [EDB documentation](https://www.enterprisedb.com/docs) for any other software needs. diff --git a/advocacy_docs/partner_docs/HPE/Images/HPESolutionSummaryImage.png b/advocacy_docs/partner_docs/HPE/Images/HPESolutionSummaryImage.png index 620e97dfea6..c9b531914ea 100644 --- a/advocacy_docs/partner_docs/HPE/Images/HPESolutionSummaryImage.png 
+++ b/advocacy_docs/partner_docs/HPE/Images/HPESolutionSummaryImage.png @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:417ac4bee130a8152a1ce422f85e2ed1cec2c41145f101e91f2ecd9231e141de -size 196492 +oid sha256:058de5635b56b975e142850e3701388c90584c0a090ece9789611e34a8d9b313 +size 192405 diff --git a/advocacy_docs/partner_docs/HPE/Images/SampleDeployment.png b/advocacy_docs/partner_docs/HPE/Images/SampleDeployment.png index fa80457a82f..1e8d7a53852 100644 --- a/advocacy_docs/partner_docs/HPE/Images/SampleDeployment.png +++ b/advocacy_docs/partner_docs/HPE/Images/SampleDeployment.png @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d24a1c9dea97a91654d2146a7af3c48deeb1168fa4a5c1c7a1d18e5bb02a2e95 -size 94633 +oid sha256:e269775dba2a89587e4d3038999f48bd15bbf3ef0ed87f1a57d833d6ece4f69d +size 339962 From d6f0db1de5c9ba098b2af3ddbc0ceba8fd584ac0 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 19 Jun 2023 16:40:15 -0400 Subject: [PATCH 37/61] Review Changes --- advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx | 2 +- advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx | 2 +- advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx | 2 +- advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx | 1 + advocacy_docs/partner_docs/HPE/index.mdx | 4 ++-- 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx index 3d3ac76842f..3d0da9ad59d 100644 --- a/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx +++ b/advocacy_docs/partner_docs/HPE/02-PartnerInformation.mdx 
@@ -9,4 +9,4 @@ description: 'Details of the partner' | **Partner Name** | HPE | | **Web Site** | https://www.hpe.com/us/en/greenlake.html | | **Partner Product** | HPE Servers | -| **Product Description** | Whether on-prem or in the cloud, HPE provides customers with simple, secure systems to deploy their databases. HPE allows you to deploy your EDB Postgres Advanced Server, EDB Postgres Extended Server and other EDB software in a fast and secure environment. | +| **Product Description** | Whether on-prem or in the cloud, HPE provides customers with simple, secure systems to deploy their databases. HPE allows you to deploy your EDB Postgres Advanced Server, EDB Postgres Extended Server, PostgreSQL and other EDB software in a fast and secure environment. | diff --git a/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx index 8ec1a8d98ba..3e2919819ca 100644 --- a/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HPE/03-SolutionSummary.mdx 
@@ -3,7 +3,7 @@ title: 'Solution Summary' description: 'Explanation of the solution and its purpose' --- -EDB Postgres Advanced Server, EDB Postgres Extended Server, Failover Manager, Postgres Enterprise Manager, and Barman can each be deployed on HPE hardware that is customizable per customer needs. Furthermore, using the HPE GreenLake Database model with EDB Postgres allows for a simpler end-to-end solution for the entire lifecycle of the database environment. +EDB Postgres Advanced Server, EDB Postgres Extended Server, PostgreSQL, Failover Manager, Postgres Enterprise Manager, and Barman can each be deployed on HPE hardware that is customizable per customer needs. Furthermore, using the HPE GreenLake Database model with EDB Postgres allows for a simpler end-to-end solution for the entire lifecycle of the database environment. HPE GreenLake Database works to remove some of the complexities of getting a database up and running which then allows you to deploy all of your EDB products quickly and securely. HPE does this by taking on some of the in depth pieces like designing, implementing and operating a database so customers do not have to put as much focus into these areas. HPE provides customers with complete, scalable solutions for all of their server needs in order to run their databases efficiently. diff --git a/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx index 3d8da9d9e95..98e78742c4f 100644 --- a/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx 
@@ -26,7 +26,7 @@ Sample deployment: 2. Login as the `Root` user via credentials you established with HPE during your server setup. -3. Install your preferred Postgres Distribution. For example, for EDB Postgres Advanced Server refer to the [EDB Postgres Advanced Server documentation](https://www.enterprisedb.com/docs/epas/latest/). +3. Install your preferred Postgres Distribution. For example, for EDB Postgres Advanced Server refer to the [EDB Postgres Advanced Server documentation](https://www.enterprisedb.com/docs/epas/latest/) or for EDB Postgres Extended Server refer to the [EDB Postgres Extended Server documentation](https://www.enterprisedb.com/docs/pge/latest/). 4. Install the other EDB tools, such as [Failover Manager (EFM)](https://www.enterprisedb.com/docs/efm/latest/), [Postgres Enterprise Manager (PEM)](https://www.enterprisedb.com/docs/pem/latest/), or [Barman](https://www.enterprisedb.com/docs/supported-open-source/barman/), as needed for your configuration in the appropriate servers. Refer to the [EDB documentation](https://www.enterprisedb.com/docs) for any other software needs. diff --git a/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx index 20c2e140370..abb50193c8e 100644 --- a/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx @@ -13,6 +13,7 @@ To use HPE System Components: - EDB Postgres Advanced Server - EDB Postgres Extended Server + - PostgreSQL - Failover Manager - Postgres Enterprise Manager - Barman diff --git a/advocacy_docs/partner_docs/HPE/index.mdx b/advocacy_docs/partner_docs/HPE/index.mdx index 1883c0320bd..0fd33dbf849 100644 --- a/advocacy_docs/partner_docs/HPE/index.mdx +++ b/advocacy_docs/partner_docs/HPE/index.mdx @@ -1,5 +1,5 @@ --- -title: 'HPE Implementation Guide' +title: 'HPE Servers Implementation Guide' indexCards: simple directoryDefaults: iconName: handshake 
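Review bot: Step 2 of 04-ConfiguringHPEGreenlake.mdx, carried as context in the @@ -26,7 +26,7 @@ hunk, still reads "Login as the `Root` user via credentials you established with HPE during your server setup", which steers readers toward interactive root logins. Suggest documenting a named administrative account that elevates with sudo for the install steps, and writing the account name as `root`, since Linux user names are case-sensitive. On the changed step 3 line, this patch adds PostgreSQL to the product lists in 02-PartnerInformation.mdx, 03-SolutionSummary.mdx and 05-UsingHPEGreenlake.mdx, but the install links cover only EDB Postgres Advanced Server and EDB Postgres Extended Server; add a PostgreSQL link or say where to find one.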
@@ -9,6 +9,6 @@ directoryDefaults:

EDB GlobalConnect Technology Partner Implementation Guide

-

HPE

+

HPE Servers

This document is intended to augment each vendor’s product documentation in order to guide the reader in getting the products working together. It is not intended to show the optimal configuration for the certified integration.

\ No newline at end of file From 3d2c8f889de132d1a30ee74b70d1ca6c86d7d5d9 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 5 Jul 2023 10:05:49 -0400 Subject: [PATCH 38/61] Spelling and Suggested Changes --- .../partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx | 8 ++++---- advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx index 98e78742c4f..70708622bc4 100644 --- a/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx @@ -5,9 +5,9 @@ description: 'Walkthrough on configuring the integration' Implementing EDB software on HPE requires the following components: !!! Note - The EDB Postgres Advanced Server, EDB Postgres Extended Server and PostgreSQL Server products will be referred to as Postgres Distribution. The specific Distribution type will be dependant upon customer need or preference. + The EDB Postgres Advanced Server, EDB Postgres Extended Server and PostgreSQL Server products will be referred to as EDB Postgres distribution. The specific distribution type will be dependent upon customer need or preference. -- Postgres Distribution +- EDB Postgres distribution - HPE system components configured per your requirements Sample deployment: 
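Review bot: The rewritten note in the @@ -5,9 +5,9 @@ hunk of 04-ConfiguringHPEGreenlake.mdx now calls EDB Postgres Advanced Server, EDB Postgres Extended Server and PostgreSQL Server collectively "EDB Postgres distribution", which labels community PostgreSQL as an EDB product. Keep the neutral "Postgres distribution" for the group, and make the same choice in the heading and step 3 of the next hunk and in 05-UsingHPEGreenlake.mdx so the term is defined once and used consistently. The "dependant" to "dependent" correction is right.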
@@ -19,14 +19,14 @@ Sample deployment: - HPE servers set up per your requirements -## Login to Server and Deploy Postgres Distribution +## Login to Server and Deploy EDB Postgres Distribution 1. Login to your server per your chosen method, for example if on a Windows system accessing a RHEL Server, you would want to use a utility like PuTTy to SSH into your server to access it. 2. Login as the `Root` user via credentials you established with HPE during your server setup. -3. Install your preferred Postgres Distribution. For example, for EDB Postgres Advanced Server refer to the [EDB Postgres Advanced Server documentation](https://www.enterprisedb.com/docs/epas/latest/) or for EDB Postgres Extended Server refer to the [EDB Postgres Extended Server documentation](https://www.enterprisedb.com/docs/pge/latest/). +3. Install your preferred EDB Postgres distribution. For example, for EDB Postgres Advanced Server refer to the [EDB Postgres Advanced Server documentation](https://www.enterprisedb.com/docs/epas/latest/) or for EDB Postgres Extended Server refer to the [EDB Postgres Extended Server documentation](https://www.enterprisedb.com/docs/pge/latest/). 4. Install the other EDB tools, such as [Failover Manager (EFM)](https://www.enterprisedb.com/docs/efm/latest/), [Postgres Enterprise Manager (PEM)](https://www.enterprisedb.com/docs/pem/latest/), or [Barman](https://www.enterprisedb.com/docs/supported-open-source/barman/), as needed for your configuration in the appropriate servers. Refer to the [EDB documentation](https://www.enterprisedb.com/docs) for any other software needs. diff --git a/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx index abb50193c8e..be32920de19 100644 --- a/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx 
@@ -3,13 +3,13 @@ title: 'Using' description: 'Walkthrough of example usage scenarios' --- -HPE systems are easy to deploy, turn on and off, and install your Postgres Distribution products on, while ensuring speed and security. +HPE systems are easy to deploy, turn on and off, and install your EDB Postgres distribution products on, while ensuring speed and security. To use HPE System Components: 1. Access your server, either via GUI or SSH depending on your system setup. -1. Install and deploy your Postgres Distribution products as needed: +1. Install and deploy your EDB Postgres distribution products as needed: - EDB Postgres Advanced Server - EDB Postgres Extended Server From ae614fbd190b0d6d2a2b047b24ce329fea1286db Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Fri, 7 Jul 2023 15:37:49 -0400 Subject: [PATCH 39/61] Changed EDB Postgres Distro wording --- .../partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx | 8 ++++---- advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx index 70708622bc4..dbd9fdb6c88 100644 --- a/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPE/04-ConfiguringHPEGreenlake.mdx 
@@ -5,9 +5,9 @@ description: 'Walkthrough on configuring the integration' Implementing EDB software on HPE requires the following components: !!! Note - The EDB Postgres Advanced Server, EDB Postgres Extended Server and PostgreSQL Server products will be referred to as EDB Postgres distribution. The specific distribution type will be dependent upon customer need or preference. + The EDB Postgres Advanced Server, EDB Postgres Extended Server and PostgreSQL Server products will be referred to as Postgres distribution. The specific distribution type will be dependent upon customer need or preference. -- EDB Postgres distribution +- Postgres distribution - HPE system components configured per your requirements Sample deployment: 
@@ -19,14 +19,14 @@ Sample deployment: - HPE servers set up per your requirements -## Login to Server and Deploy EDB Postgres Distribution +## Login to Server and Deploy Postgres Distribution 1. Login to your server per your chosen method, for example if on a Windows system accessing a RHEL Server, you would want to use a utility like PuTTy to SSH into your server to access it. 2. Login as the `Root` user via credentials you established with HPE during your server setup. -3. Install your preferred EDB Postgres distribution. For example, for EDB Postgres Advanced Server refer to the [EDB Postgres Advanced Server documentation](https://www.enterprisedb.com/docs/epas/latest/) or for EDB Postgres Extended Server refer to the [EDB Postgres Extended Server documentation](https://www.enterprisedb.com/docs/pge/latest/). +3. Install your preferred Postgres distribution. For example, for EDB Postgres Advanced Server refer to the [EDB Postgres Advanced Server documentation](https://www.enterprisedb.com/docs/epas/latest/) or for EDB Postgres Extended Server refer to the [EDB Postgres Extended Server documentation](https://www.enterprisedb.com/docs/pge/latest/). 4. Install the other EDB tools, such as [Failover Manager (EFM)](https://www.enterprisedb.com/docs/efm/latest/), [Postgres Enterprise Manager (PEM)](https://www.enterprisedb.com/docs/pem/latest/), or [Barman](https://www.enterprisedb.com/docs/supported-open-source/barman/), as needed for your configuration in the appropriate servers. Refer to the [EDB documentation](https://www.enterprisedb.com/docs) for any other software needs. diff --git a/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx b/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx index be32920de19..d20c653d2b0 100644 --- a/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx +++ b/advocacy_docs/partner_docs/HPE/05-UsingHPEGreenlake.mdx 
@@ -3,13 +3,13 @@ title: 'Using' description: 'Walkthrough of example usage scenarios' --- -HPE systems are easy to deploy, turn on and off, and install your EDB Postgres distribution products on, while ensuring speed and security. +HPE systems are easy to deploy, turn on and off, and install your Postgres distribution products on, while ensuring speed and security. To use HPE System Components: 1. Access your server, either via GUI or SSH depending on your system setup. -1. Install and deploy your EDB Postgres distribution products as needed: +1. Install and deploy your Postgres distribution products as needed: - EDB Postgres Advanced Server - EDB Postgres Extended Server From 22abecf12cba076ffd0dc1af0deaba15f87b3b24 Mon Sep 17 00:00:00 2001 From: Frank Touserkani <94471063+ftouserkani-edb@users.noreply.github.com> Date: Fri, 7 Jul 2023 16:05:46 -0400 Subject: [PATCH 40/61] Update index.mdx --- .../release/using_cluster/05_monitoring_and_logging/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/index.mdx b/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/index.mdx index 410ae0405b6..c63b8cc356f 100644 --- a/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/index.mdx +++ b/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/index.mdx 
@@ -22,6 +22,6 @@ With BigAnimal, you have a few options for monitoring and logging solutions: - Existing Postgres Enterprise Manager (PEM) users who want to monitor BigAnimal clusters alongside self-managed Postgres clusters can use the remote monitoring capability of PEM. See [Remote monitoring](/pem/latest/pem_admin/02a_pem_remote_monitoring). - With remote monitoring, you have access to many PEM features, including the ability to profile the workloads on your BigAnimal clusters. See [profile workloads](/pem/latest/profiling_workloads) for more information. + With remote monitoring, you have access to many PEM features, including the ability to profile the workloads on your BigAnimal clusters. See [Profiling workloads](/pem/latest/profiling_workloads) for more information. From fe8f0dc506fd57829162e74d5834d74e665208ba Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 10 Jul 2023 07:47:27 -0400 Subject: [PATCH 41/61] inded.js update --- src/pages/index.js | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/pages/index.js b/src/pages/index.js index a1443fe6e13..dcb0be73dfd 100644 --- a/src/pages/index.js +++ b/src/pages/index.js @@ -355,6 +355,9 @@ const Page = () => ( Security + + Hashicorp Vault + Imperva Data Security Fabric @@ -374,12 +377,6 @@ const Page = () => ( Esri ArcGIS Pro and Esri ArcGIS Enterprise - - Hashicorp Vault - - - Imperva Data Security Fabric - Nutanix AHV From 412760c9aa68d495cc2195cd59cfeb130d01bd27 Mon Sep 17 00:00:00 2001 From: jkitchens32 <106532490+jkitchens32@users.noreply.github.com> Date: Mon, 10 Jul 2023 10:36:13 -0400 Subject: [PATCH 42/61] Update advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx Co-authored-by: Dee Dee Rothery <83650384+drothery-edb@users.noreply.github.com> --- .../partner_docs/HashicorpVault/02-PartnerInformation.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx index cda96a21513..4c6ff94a89e 100644 --- a/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx +++ b/advocacy_docs/partner_docs/HashicorpVault/02-PartnerInformation.mdx @@ -1,6 +1,6 @@ --- title: 'Partner Information' -description: 'Details of the Partner' +description: 'Details of the partner' --- |   |   | From 10c8db9f62504a982d711d2e822eb086e1945f66 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 12 Jun 2023 13:45:15 -0400 Subject: [PATCH 43/61] Tech Partner Hashicorp Transit Secrets Engine Guide --- .../02-PartnerInformation.mdx | 12 ++++++++++++ .../03-SolutionSummary.mdx | 0 .../04-ConfiguringTransitSecretsEngine.mdx | 0 .../05-UsingTransitSecretsEngine.mdx | 0 .../06-CertificationEnvironment.mdx | 0 .../07-Support.mdx | 0 .../Images/PartnerProgram.jpg.png | 3 +++ .../HashicorpVaultTransitSecretsEngine/index.mdx | 14 ++++++++++++++ 8 files changed, 29 insertions(+) create mode 100644 advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx create mode 100644 advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx create mode 100644 advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx create mode 100644 advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx create mode 100644 advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/06-CertificationEnvironment.mdx create mode 100644 advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/07-Support.mdx create mode 100644 advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/PartnerProgram.jpg.png create mode 100644 advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/index.mdx 
diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx new file mode 100644 index 00000000000..04f70cb31b7 --- /dev/null +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx @@ -0,0 +1,12 @@ +--- +title: 'Partner Information' +description: 'Details of the Partner' + +--- +|   |   | +| ----------- | ----------- | +| **Partner Name** | Hashicorp | +| **Web Site** | https://www.hashicorp.com/ | +| **Partner Product** | Vault | +| **Version** | Vault v1.13.3 | +| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server, it allows users to control access to encryption keys and certificates, as well as perform key management. | \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx new file mode 100644 index 00000000000..e69de29bb2d diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx new file mode 100644 index 00000000000..e69de29bb2d diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx new file mode 100644 index 00000000000..e69de29bb2d diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/06-CertificationEnvironment.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/06-CertificationEnvironment.mdx new file mode 100644 index 00000000000..e69de29bb2d 
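Review bot: The front matter of the new HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx sets description: 'Details of the Partner', the capitalization that the preceding patch in this series (42/61) changed to 'Details of the partner' in the sibling HashicorpVault guide; use the lowercase form here too. The table spells the vendor "Hashicorp" where the company writes "HashiCorp", and the file ends without a trailing newline. The five other .mdx files in this commit are added empty (blob e69de29bb2d), so the guide would publish with blank pages if this commit were built on its own; consider squashing it with the commit that supplies their content.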
diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/07-Support.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/07-Support.mdx new file mode 100644 index 00000000000..e69de29bb2d diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/PartnerProgram.jpg.png b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/PartnerProgram.jpg.png new file mode 100644 index 00000000000..93e0514710b --- /dev/null +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/PartnerProgram.jpg.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1953f3a5526ab37279a598f1c370c5acbf9f6d18f7902cb538161182fbed3b1f +size 57295 diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/index.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/index.mdx new file mode 100644 index 00000000000..d18e5885d50 --- /dev/null +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/index.mdx @@ -0,0 +1,14 @@ +--- +title: 'Hashicorp Transit Secrets Engine Implementation Guide' +indexCards: simple +directoryDefaults: + iconName: handshake +--- + +

+ +

+

EDB GlobalConnect Technology Partner Implementation Guide

+

Hashicorp Transit Secrets Engine

+ +

This document is intended to augment each vendor’s product documentation in order to guide the reader in getting the products working together. It is not intended to show the optimal configuration for the certified integration.

\ No newline at end of file From 761a45412e1ee2d81b893bcbcef8dc0c58e6ff54 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Thu, 15 Jun 2023 12:57:46 -0400 Subject: [PATCH 44/61] Tech Partner Hashicorp Vault Transit Secrets Engine Guide --- .../02-PartnerInformation.mdx | 2 +- .../03-SolutionSummary.mdx | 11 + .../04-ConfiguringTransitSecretsEngine.mdx | 61 +++++ .../05-UsingTransitSecretsEngine.mdx | 217 ++++++++++++++++++ .../06-CertificationEnvironment.mdx | 11 + .../07-Support.mdx | 22 ++ 6 files changed, 323 insertions(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx index 04f70cb31b7..3e9395aaa07 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx @@ -9,4 +9,4 @@ description: 'Details of the Partner' | **Web Site** | https://www.hashicorp.com/ | | **Partner Product** | Vault | | **Version** | Vault v1.13.3 | -| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server, it allows users to control access to encryption keys and certificates, as well as perform key management. | \ No newline at end of file +| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server and EDB Postgres Extended Server, it allows users to control access to encryption keys and certificates, as well as perform key management. | \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx index e69de29bb2d..633c405ff60 100644 
--- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx @@ -0,0 +1,11 @@ +--- +title: 'Solution Summary' +description: 'Explanation of the solution and its purpose' +--- + +Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 and above or EDB Postgres Extended Server versions 15 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s Transit secrets engine allows Vault to handle cryptographic functions on data in-transit. Hashicorp Vault Transit secrets engine can be referred to as "encryption as a service". + +Hashicorp Vault’s primary use case for Transit secrets engine is to encrypt data from applications while simultaneously storing encrypted data in some primary data store. Hashicorp Vault Transit Secrets Engine can also generate hashes, sign and verify data and generate HMAC' of data. + +![Hashicorp Vault Transit Secrets Engine Architecture](Images/HashicorpVaultTransitSecretsEngineArchitecture.png) + diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx index e69de29bb2d..937a348706e 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx 
@@ -0,0 +1,61 @@ +--- +title: 'Configuration' +description: 'Walkthrough on configuring the integration' +--- + +Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above, requires the following components: + +- EDB Postgres Advanced Server version 15.2 or above +- Hashicorp Vault v1.13.3 +- [Pykmip](https://pypi.org/project/PyKMIP/#files) +- Python + +## Prerequisites + +- A running EDB Postgres Advanced Server instance +- Hashicorp Vault installed and deployed per your VM environment + +## Enable Hashicorp Vault Transit Secrets Engine + +!!! Note + You have to set your environment variable with Hashicorp Vault. If you receive this error message “Get "https://127.0.0.1:8200/v1/sys/seal-status": http: server gave HTTP response to HTTPS client” you need to issue this in your command line `export VAULT_ADDR="http://127.0.0.1:8200`". + +1. After your Hashicorp Vault configuration is installed and deployed per the guidelines in the [Hashicorp documentation](https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install), you will then need to enable the transit secrets engine. + +2. Assume root user. + +3. First set your two variables, your API address and token you receieved during installation and setup. +```bash +root@ip-172-31-50-151:/home/ubuntu# export VAULT_ADDR='http://127.0.0.1:8200' +root@ip-172-31-50-151:/home/ubuntu# export VAULT_TOKEN="hvs.D9lfoRBZYtdJY2t3lG3f6yUa" +``` +4. Before you enable the Transit Secrets Engine you can check your Vault Server status with `vault status` +```bash +root@ip-172-31-50-151:/home/ubuntu# vault status +Key Value +--- ----- +Seal Type shamir +Initialized true +Sealed false +Total Shares 1 +Threshold 1 +Version 1.13.3 +Build Date 2023-06-06T18:12:37Z +Storage Type inmem +Cluster Name vault-cluster-18a7ed39 +Cluster ID 83012ee7-18f0-9480-e8b6-3ff02c285ba2 +HA Enabled false +``` + +5. Type `vault secrets enable transit`. 
+```bash +root@ip-172-31-50-151:/home/ubuntu# vault secrets enable transit +Success! Enabled the transit secrets engine at: transit/ +``` + +6. Next you will create your encryption key with an identifiable name. +```bash +root@ip-172-31-50-151:/usr/lib/edb-pge/15/bin# vault write -f transit/keys/pg-tde-master-1 +Success! Data written to: transit/keys/pg-tde-master-1 +``` +7. You now have your encryption key set and are ready to export your WRAP and UNWRAP commands and initialize your database. \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx index e69de29bb2d..240d3b40fbf 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx 
@@ -0,0 +1,217 @@ +--- +title: 'Using' +description: 'Walkthrough of example usage scenarios' +--- + +After you have configured Hashicorp Vault Transit Secrets Engine as stated in the Configuring section, you will be able to then encrypt your EDB Postgres Advanced Server database. + +!!! Note + It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server or versions 15 and above of EDB Postgres Extended Server as this version supports Transparent Data Encryption (TDE). + +After the Hashicorp Vault Transit secrets engine is configured and a user/machine has a Vault token with the proper permissions, this was configured during your install and setup of Transit Secrets Engine, it can use this secrets engine to encrypt a key. + +## Perform initdb for the Database + +After you have enabled Hashicorp Vault Transit Secrets Engine and created a key, you will be able to export the PGDATAKEYWRAPCMD and PGDATAKEYUNWRAPCMD to wrap and unwrap your encryption key and initialize your database. + +1. Login to your EDB Postgres Advanced Server system as the database superuser, for example `sudo su - enterprisedb`. + +2. Navigate to the `/bin` directory where your executables live. In our example it is `/usr/lib/edb-as/15/bin`. + +3. Type: `export PGDATAKEYWRAPCMD='base64 | vault write -field=ciphertext transit/encrypt/pg-tde-master-1 plaintext=- > %p'` + +4. Type: `export PGDATAKEYUNWRAPCMD='cat %p | vault write -field=plaintext transit/decrypt/pg-tde-master-1 ciphertext=- | base64 --decode'` + +```bash +root@ip-172-31-50-151:/usr/lib/edb-pge/15/bin# su - enterprisedb + +enterprisedb@ip-172-31-50-151:~$ export PGDATAKEYWRAPCMD='base64 | vault write -field=ciphertext transit/encrypt/pg-tde-master-1 plaintext=- > %p' + +enterprisedb@ip-172-31-50-151:~$ export PGDATAKEYUNWRAPCMD='cat %p | vault write -field=plaintext transit/decrypt/pg-tde-master-1 ciphertext=- | base64 --decode' +``` +5. 
Perform your initdb per your database requirements, for example: `./initdb -D dd12 -y`. + +6. If all is successful you should get an output that looks like this: +```bash + + enterprisedb@ip-172-31-46-134:/usr/lib/edb-as/15/bin$ ./initdb -D /var/lib/edb-as/15/dd12 -y +The files belonging to this database system will be owned by user "enterprisedb". +This user must also own the server process. +The database cluster will be initialized with locale "C.UTF-8". +The default database encoding has accordingly been set to "UTF8". +The default text search configuration will be set to "english". +Data page checksums are disabled. +Transparent data encryption is enabled. +creating directory /var/lib/edb-as/15/dd12 ... ok +creating subdirectories ... ok +selecting dynamic shared memory implementation ... posix +selecting default max_connections ... 100 +selecting default shared_buffers ... 128MB +selecting default time zone ... America/New_York +creating configuration files ... ok +setting up data encryption ... ok +running bootstrap script ... 
usage: edb_tde_kmip_client.py [-h] [--pykmip-config-file FILENAME] + [--pykmip-config-block NAME] + [--in-file FILENAME] [--out-file FILENAME] + --key-uid KEY_UID --variant {pykmip,thales} + {decrypt,encrypt} +edb_tde_kmip_client.py: error: argument --variant: invalid choice: 'pymip' (choose from 'pykmip', 'thales') +2023-04-12 09:35:27 EDT FATAL: unwrapped key is too small +child process exited with exit code 1 +initdb: removing data directory "/var/lib/edb-as/15/dd12" +enterprisedb@ip-172-31-46-134:/usr/lib/edb-as/15/bin$ export PGDATAKEYWRAPCMD='python3 /tmp/edb_tde_kmip_client.py encrypt --pykmip-config-file=/tmp/pykmip.conf --key-uid=nfTCV2Cp5sffhQuRrOVfgCUyu8qh9kwd --out-file=%p --variant=pykmip' +enterprisedb@ip-172-31-46-134:/usr/lib/edb-as/15/bin$ export PGDATAKEYUNWRAPCMD='python3 /tmp/edb_tde_kmip_client.py decrypt --pykmip-config-file=/tmp/pykmip.conf --key-uid=nfTCV2Cp5sffhQuRrOVfgCUyu8qh9kwd --in-file=%p --variant=pykmip' +enterprisedb@ip-172-31-46-134:/usr/lib/edb-as/15/bin$ +enterprisedb@ip-172-31-46-134:/usr/lib/edb-as/15/bin$ +enterprisedb@ip-172-31-46-134:/usr/lib/edb-as/15/bin$ +enterprisedb@ip-172-31-46-134:/usr/lib/edb-as/15/bin$ +enterprisedb@ip-172-31-46-134:/usr/lib/edb-as/15/bin$ ./initdb -D /var/lib/edb-as/15/dd12 -y +The files belonging to this database system will be owned by user "enterprisedb". +This user must also own the server process. +The database cluster will be initialized with locale "C.UTF-8". +The default database encoding has accordingly been set to "UTF8". +The default text search configuration will be set to "english". +Data page checksums are disabled. +Transparent data encryption is enabled. +creating directory /var/lib/edb-as/15/dd12 ... ok +creating subdirectories ... ok +selecting dynamic shared memory implementation ... posix +selecting default max_connections ... 100 +selecting default shared_buffers ... 128MB +selecting default time zone ... America/New_York +creating configuration files ... 
ok +setting up data encryption ... ok +running bootstrap script ... ok +performing post-bootstrap initialization ... ok +creating edb sys ... ok +loading edb contrib modules ... +edb_redwood_bytea.sql +edb_redwood_date.sql +dbms_alert_public.sql +dbms_alert.plb +dbms_job_public.sql +dbms_job.plb +dbms_lob_public.sql +dbms_lob.plb +dbms_output_public.sql +dbms_output.plb +dbms_pipe_public.sql +dbms_pipe.plb +dbms_rls_public.sql +dbms_rls.plb +dbms_sql_public.sql +dbms_sql.plb +dbms_utility_public.sql +dbms_utility.plb +dbms_aqadm_public.sql +dbms_aqadm.plb +dbms_aq_public.sql +dbms_aq.plb +dbms_profiler_public.sql +dbms_profiler.plb +dbms_random_public.sql +dbms_random.plb +dbms_redact_public.sql +dbms_redact.plb +dbms_lock_public.sql +dbms_lock.plb +dbms_scheduler_public.sql +dbms_scheduler.plb +dbms_crypto_public.sql +dbms_crypto.plb +dbms_mview_public.sql +dbms_mview.plb +dbms_session_public.sql +dbms_session.plb +edb_bulkload.sql +edb_gen.sql +edb_objects.sql +edb_redwood_casts.sql +edb_redwood_strings.sql +edb_redwood_views.sql +utl_encode_public.sql +utl_encode.plb +utl_http_public.sql +utl_http.plb +utl_file.plb +edb_ht_public.sql +edb_ht.plb +utl_tcp_public.sql +utl_tcp.plb +utl_smtp_public.sql +utl_smtp.plb +utl_mail_public.sql +utl_mail.plb +utl_url_public.sql +utl_url.plb +utl_raw_public.sql +utl_raw.plb +commoncriteria.sql +edb_gen_redwood.sql +waitstates.sql +installing extension edb_dblink_libpq ... ok +installing extension edb_dblink_oci ... ok +snap_tables.sql +snap_functions.sql +dblink_ora.sql +sys_stats.sql +ok +finalizing initial databases ... ok +syncing data to disk ... ok +initdb: warning: enabling "trust" authentication for local connections +initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb. +Success. You can now start the database server using: + pg_ctl -D /var/lib/edb-as/15/dd12 -l logfile start + +``` + +7. 
Start your database and navigate to your `/data` directory to view the postgresql.conf file to ensure that your `data_encryption_key_unwrap_command` that you set with your `export PGDATAUNWRAPCMD` is present under the Authentication section. +```bash +# - Authentication - + +#authentication_timeout = 1min # 1s-600s +#password_encryption = scram-sha-256 # scram-sha-256 or md5 +#db_user_namespace = off + +# GSSAPI using Kerberos +#krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab' +#krb_caseins_users = off + +# - SSL - + +#ssl = off +#ssl_ca_file = '' +#ssl_cert_file = 'server.crt' +#ssl_crl_file = '' +#ssl_crl_dir = '' +#ssl_key_file = 'server.key' +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_min_protocol_version = 'TLSv1.2' +#ssl_max_protocol_version = '' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off + +# - Data Encryption - + +data_encryption_key_unwrap_command = 'cat %p | vault write -field=plaintext transit/decrypt/pg-tde-master-1 ciphertext=- | base64 --decode' + +``` +## Encrypt Plaintext Data + +Hashicorp Vault Transit Secrets Engine can also encrypt some plaintext data. However any plaintext data needs to be base64-encoded. This is a requirement as Hashicorp Vault does not require that the plaintext data is "text", it could also be another type of file. + +```bash +enterprisedb@ip-172-31-50-151:~$ export VAULT_TOKEN="hvs.D9lfoRBZYtdJY2t3lG3f6yUa" +enterprisedb@ip-172-31-50-151:~$ vault write transit/encrypt/pg-tde-master-1 plaintext=$(echo "my secret data" | base64) +Key Value +--- ----- +ciphertext vault:v1:/laUa+i1RVs4kFDD+a6Dmm+mJvVuo8jW0JHWISlzEe/ur/nUlfswEyYShA== +key_version 1 +``` +As an added note, Hashicorp Vault does not store any data, that is up to the database user. 
For any more information on Hashicorp Vault Transit Secrets Engine visit the [Hashicorp](https://developer.hashicorp.com/vault/docs/secrets/transit) documentation. + +For more information on how TDE is incorporated with EDB Postgres Advanced Server visit the [EDB Transparent Data Encryption](https://www.enterprisedb.com/docs/tde/latest/) documentation. + diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/06-CertificationEnvironment.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/06-CertificationEnvironment.mdx index e69de29bb2d..e03cc996f9b 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/06-CertificationEnvironment.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/06-CertificationEnvironment.mdx @@ -0,0 +1,11 @@ +--- +title: 'Certification Environment' +description: 'Overview of the certification environment' +--- + +|   |   | +| ----------- | ----------- | +| **Certification Test Date** | June 12, 2023 | +| **EDB Postgres Advanced Server** | 15.2 | +| **EDB Postgres Extended Server** | 15 | +| **Hashicorp Vault** | v1.13.3 | \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/07-Support.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/07-Support.mdx index e69de29bb2d..1c36ee14f88 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/07-Support.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/07-Support.mdx 
@@ -0,0 +1,22 @@ +--- +title: 'Support and Logging Details' +description: 'Details of the support process and logging information' +--- + +## Support + +Technical support for the use of these products is provided by both EDB and Hashicorp. A proper support contract is required to be in place at both EDB and Hashicorp. A support ticket can be opened on either side to start the process. If it is determined through the support ticket that resources from the other vendor is required, the customer should open a support ticket with that vendor through normal support channels. This will allow both companies to work together to help the customer as needed. + +## Logging + +**EDB Postgres Advanced Server Logs:** + +Navigate to the `Data` directory in your chosen EDB Postgres Advanced Server instance and from here you can navigate to `log`, `current_logfiles` or you can navigate to the `postgresql.conf` file where you can customize logging options or enable `edb_audit` logs. + +** Hashicorp Vault Logs** + +Customers can use the `journalctl` function to call logs for Hashicorp Vault. + +If you just want to view the Vault logs you can do so by entering `journalctl -ex -u vault` in the command line. + +If you want to view logs for a specific day and output those results to a `.txt` file you can do so by entering `journalctl -u vault -S today > vaultlog.txt` in the command line, adjusting the date to your needed date and the text title. \ No newline at end of file From 45001266b52a441087ddc31517f5e97a2eb0a67b Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Thu, 15 Jun 2023 13:03:39 -0400 Subject: [PATCH 45/61] Added correct index.js link --- src/pages/index.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/pages/index.js b/src/pages/index.js index 1787214b854..330c2380086 100644 --- a/src/pages/index.js +++ b/src/pages/index.js @@ -380,6 +380,9 @@ const Page = () => ( HPE + + Hashicorp Vault Transit Secrets Engine + Imperva Data Security Fabric 
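Review bot: In PATCH 44/61, 03-SolutionSummary.mdx links to `Images/HashicorpVaultTransitSecretsEngineArchitecture.png`, but this patch does not add that file: its diffstat lists six .mdx files only, and the PNG is first created in PATCH 48/61. At this commit the page references an image that is not in the tree. Add the image in the same patch, or hold the link until the file exists. In the same hunk, "generate HMAC' of data" should read "generate HMACs of data".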
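Review bot: In PATCH 44/61, 04-ConfiguringTransitSecretsEngine.mdx step 3 publishes what looks like a real Vault token in `export VAULT_TOKEN="hvs.…"`, set from a root shell. Replace it with an obvious placeholder such as `<your-vault-token>`, and revoke the value if it was ever valid, because it remains in git history after the doc is edited. The `vault status` output shows `Storage Type inmem` and `Total Shares 1`, and `VAULT_ADDR` is plain `http://`. The guide should say this is a test server: the wrap and unwrap commands send the TDE data key over that connection, and an in-memory backend loses the transit key on restart, which leaves the wrapped data key unrecoverable. In the opening note, the closing backtick in `export VAULT_ADDR="http://127.0.0.1:8200` sits before the closing quote, so the rendered command is missing its quote. "receieved" in step 3 should be "received".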
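Review bot: In PATCH 44/61, the step 6 sample output in 05-UsingTransitSecretsEngine.mdx does not come from the Transit setup in steps 3 to 5. It opens with a failed initdb run against `edb_tde_kmip_client.py` (`invalid choice: 'pymip'`, then `FATAL: unwrapped key is too small`). It then re-exports PGDATAKEYWRAPCMD and PGDATAKEYUNWRAPCMD as pykmip commands carrying a `--key-uid`, on host `ip-172-31-46-134` rather than the `ip-172-31-50-151` used in the rest of the guide. Replace it with the output of one successful run that uses the `transit/encrypt/pg-tde-master-1` wrap command, and consider trimming the contrib-module listing. Step 7 tells the reader to look for the value set with `export PGDATAUNWRAPCMD`, but the variable exported in step 4 is `PGDATAKEYUNWRAPCMD`. The Encrypt Plaintext Data block repeats the same `VAULT_TOKEN` value and should use a placeholder too.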
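Review bot: In PATCH 44/61, the sub-heading `** Hashicorp Vault Logs**` in 07-Support.mdx has a space after the opening `**`, so Markdown will not render it as bold. Write `**Hashicorp Vault Logs**`, and move the colon in `**EDB Postgres Advanced Server Logs:**` outside the bold (or drop it) so the two sub-headings match. Under Support, "resources from the other vendor is required" should be "are required". The last paragraph says to adjust "the date" in `journalctl -u vault -S today > vaultlog.txt` without showing what a dated value for `-S` looks like. One concrete example would help.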
From 1fdea7a4db3f99543e8ec3183bcce453e80ddafe Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Thu, 15 Jun 2023 14:26:26 -0400 Subject: [PATCH 46/61] Name fix --- .../HashicorpVaultTransitSecretsEngine/index.mdx | 4 ++-- src/pages/index.js | 9 +++------ 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/index.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/index.mdx index d18e5885d50..083cc5d871d 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/index.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/index.mdx @@ -1,5 +1,5 @@ --- -title: 'Hashicorp Transit Secrets Engine Implementation Guide' +title: 'Hashicorp Vault Transit Secrets Engine Implementation Guide' indexCards: simple directoryDefaults: iconName: handshake @@ -9,6 +9,6 @@ directoryDefaults:

EDB GlobalConnect Technology Partner Implementation Guide

-

Hashicorp Transit Secrets Engine

+

Hashicorp Vault Transit Secrets Engine

This document is intended to augment each vendor’s product documentation in order to guide the reader in getting the products working together. It is not intended to show the optimal configuration for the certified integration.

\ No newline at end of file diff --git a/src/pages/index.js b/src/pages/index.js index 330c2380086..4777462051d 100644 --- a/src/pages/index.js +++ b/src/pages/index.js @@ -358,6 +358,9 @@ const Page = () => ( Hashicorp Vault + + Hashicorp Vault Transit Secrets Engine + Imperva Data Security Fabric @@ -380,12 +383,6 @@ const Page = () => ( HPE - - Hashicorp Vault Transit Secrets Engine - - - Imperva Data Security Fabric - Nutanix AHV From d7b57ec46a56b3d90e558c97f76351ab2d0c772b Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 19 Jun 2023 08:19:17 -0400 Subject: [PATCH 47/61] Added Postgres Distribution Wording --- .../04-ConfiguringTransitSecretsEngine.mdx | 10 ++++++---- .../05-UsingTransitSecretsEngine.mdx | 8 ++++---- .../HashicorpVaultTransitSecretsEngine/07-Support.mdx | 4 ++++ 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx index 937a348706e..1b8697f4745 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx 
@@ -3,16 +3,18 @@ title: 'Configuration' description: 'Walkthrough on configuring the integration' --- -Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above, requires the following components: +Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above or EDB Postgres Extended Server version 15 and above, requires the following components: +!!! Note + The EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15 and above, products will be referred to as Postgres Distribution. The specific Distribution type will be dependant upon customer need or preference. -- EDB Postgres Advanced Server version 15.2 or above +- An active Postgres Distribution - Hashicorp Vault v1.13.3 - [Pykmip](https://pypi.org/project/PyKMIP/#files) - Python ## Prerequisites -- A running EDB Postgres Advanced Server instance +- A running Postgres Distribution - Hashicorp Vault installed and deployed per your VM environment ## Enable Hashicorp Vault Transit Secrets Engine @@ -29,7 +31,7 @@ Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and root@ip-172-31-50-151:/home/ubuntu# export VAULT_ADDR='http://127.0.0.1:8200' root@ip-172-31-50-151:/home/ubuntu# export VAULT_TOKEN="hvs.D9lfoRBZYtdJY2t3lG3f6yUa" ``` -4. Before you enable the Transit Secrets Engine you can check your Vault Server status with `vault status` +4. Before you enable the Transit Secrets Engine you can check your Vault Server status with `vault status`. ```bash root@ip-172-31-50-151:/home/ubuntu# vault status Key Value diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx index 240d3b40fbf..345f02533ce 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx 
+++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx @@ -3,10 +3,10 @@ title: 'Using' description: 'Walkthrough of example usage scenarios' --- -After you have configured Hashicorp Vault Transit Secrets Engine as stated in the Configuring section, you will be able to then encrypt your EDB Postgres Advanced Server database. +After you have configured Hashicorp Vault Transit Secrets Engine as stated in the Configuring section, you will be able to then encrypt your Postgres Distribution database. !!! Note - It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server or versions 15 and above of EDB Postgres Extended Server as this version supports Transparent Data Encryption (TDE). + It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server or versions 15 and above of EDB Postgres Extended Server as these versions support Transparent Data Encryption (TDE). After the Hashicorp Vault Transit secrets engine is configured and a user/machine has a Vault token with the proper permissions, this was configured during your install and setup of Transit Secrets Engine, it can use this secrets engine to encrypt a key. @@ -14,7 +14,7 @@ After the Hashicorp Vault Transit secrets engine is configured and a user/machin After you have enabled Hashicorp Vault Transit Secrets Engine and created a key, you will be able to export the PGDATAKEYWRAPCMD and PGDATAKEYUNWRAPCMD to wrap and unwrap your encryption key and initialize your database. -1. Login to your EDB Postgres Advanced Server system as the database superuser, for example `sudo su - enterprisedb`. +1. Login to your Postgres Distribution as the database superuser, for example `sudo su - enterprisedb`. 2. Navigate to the `/bin` directory where your executables live. In our example it is `/usr/lib/edb-as/15/bin`. 
@@ -213,5 +213,5 @@ key_version 1 ``` As an added note, Hashicorp Vault does not store any data, that is up to the database user. For any more information on Hashicorp Vault Transit Secrets Engine visit the [Hashicorp](https://developer.hashicorp.com/vault/docs/secrets/transit) documentation. -For more information on how TDE is incorporated with EDB Postgres Advanced Server visit the [EDB Transparent Data Encryption](https://www.enterprisedb.com/docs/tde/latest/) documentation. +For more information on how TDE is incorporated with EDB Postgres Advanced Server and EDB Postgres Extended Server visit the [EDB Transparent Data Encryption](https://www.enterprisedb.com/docs/tde/latest/) documentation. diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/07-Support.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/07-Support.mdx index 1c36ee14f88..423d58ebc43 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/07-Support.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/07-Support.mdx @@ -13,6 +13,10 @@ Technical support for the use of these products is provided by both EDB and Hash Navigate to the `Data` directory in your chosen EDB Postgres Advanced Server instance and from here you can navigate to `log`, `current_logfiles` or you can navigate to the `postgresql.conf` file where you can customize logging options or enable `edb_audit` logs. +**EDB Postgres Extended Server Logs** + +Navigate to the `Data` directory in your chosen EDB Postgres Extended Server instance and from here you can navigate to `log`, or you can navigate to the `postgresql.conf` file where you can customize logging options. An example of the full path to view EDB Postgres Extended logs: `/var/lib/edb-pge/15/data/log`. + ** Hashicorp Vault Logs** Customers can use the `journalctl` function to call logs for Hashicorp Vault. From 725d344791bd2eff1412ab8dfa7d3275b1aee773 Mon Sep 17 00:00:00 2001 
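Review bot: In PATCH 47/61, the first hunk of 04-ConfiguringTransitSecretsEngine.mdx inserts the new `!!! Note` between the sentence ending "requires the following components:" and the bullet list that sentence introduces, so the colon now leads into the admonition instead of the list. Move the note above the sentence or below the list. In the note, "dependant" should be "dependent", and the comma after "version 15 and above" splits the subject from "products will be referred to". The guide now defines "Postgres Distribution" as a term, but the 07-Support.mdx hunk in this patch still names each server product separately. Confirm that is intentional.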
From: jkitchens32 Date: Mon, 19 Jun 2023 16:15:20 -0400 Subject: [PATCH 48/61] Guide Edits --- .../02-PartnerInformation.mdx | 4 ++-- .../04-ConfiguringTransitSecretsEngine.mdx | 4 +--- .../Images/HashicorpVaultTransitSecretsEngineArchitecture.png | 3 +++ 3 files changed, 6 insertions(+), 5 deletions(-) create mode 100644 advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx index 3e9395aaa07..488591d9113 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx @@ -7,6 +7,6 @@ description: 'Details of the Partner' | ----------- | ----------- | | **Partner Name** | Hashicorp | | **Web Site** | https://www.hashicorp.com/ | -| **Partner Product** | Vault | +| **Partner Product** | Vault Transit Secrets Engine | | **Version** | Vault v1.13.3 | -| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server and EDB Postgres Extended Server, it allows users to control access to encryption keys and certificates, as well as perform key management. | \ No newline at end of file +| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server and EDB Postgres Extended Server, Hashicorp Vault Transit secrets engine allows Vault to handle cryptographic functions on data in-transit. | \ No newline at end of file 
diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx index 1b8697f4745..48673145351 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx @@ -9,8 +9,6 @@ Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and - An active Postgres Distribution - Hashicorp Vault v1.13.3 -- [Pykmip](https://pypi.org/project/PyKMIP/#files) -- Python ## Prerequisites @@ -55,7 +53,7 @@ root@ip-172-31-50-151:/home/ubuntu# vault secrets enable transit Success! Enabled the transit secrets engine at: transit/ ``` -6. Next you will create your encryption key with an identifiable name. +6. Next you will create your encryption key with an identifiable name. For example: `vault write -f transit/keys/pg-tde-master-1` ```bash root@ip-172-31-50-151:/usr/lib/edb-pge/15/bin# vault write -f transit/keys/pg-tde-master-1 Success! Data written to: transit/keys/pg-tde-master-1 diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png new file mode 100644 index 00000000000..2339df92969 --- /dev/null +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0793821162ad7af001a1c4102526c1ea0384954246a938ba042e889f3c0d07d3 +size 377715 From b12a9a1e14033a128ea52ce70a004c1d20c66c82 Mon Sep 17 00:00:00 2001 
From: jkitchens32 Date: Tue, 20 Jun 2023 08:11:49 -0400 Subject: [PATCH 49/61] Solution Summary --- .../HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx index 633c405ff60..b587ce2eed5 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx @@ -7,5 +7,6 @@ Hashicorp Vault is an identity-based secrets and encryption management system. U Hashicorp Vault’s primary use case for Transit secrets engine is to encrypt data from applications while simultaneously storing encrypted data in some primary data store. Hashicorp Vault Transit Secrets Engine can also generate hashes, sign and verify data and generate HMAC' of data. -![Hashicorp Vault Transit Secrets Engine Architecture](Images/HashicorpVaultTransitSecretsEngineArchitecture.png) +The below image shows how Hashicorp Vault Transit Secrets Engine works to encrypt and decrypt data. + ![Hashicorp Vault Transit Secrets Engine Architecture](Images/HashicorpVaultTransitSecretsEngineArchitecture.png) From d229a04f80c304ad658e1fae13369cd1444c3e2c Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 21 Jun 2023 09:15:24 -0400 Subject: [PATCH 50/61] Solution Summary Update --- .../03-SolutionSummary.mdx | 8 +++++++- ...ashicorpVaultTransitSecretsEngineArchitecture(old).png | 3 +++ .../HashicorpVaultTransitSecretsEngineArchitecture.png | 4 ++-- 3 files changed, 12 insertions(+), 3 deletions(-) create mode 100644 advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture(old).png 
diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx index b587ce2eed5..c9c9a3a1ee3 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx 
@@ -5,8 +5,14 @@ description: 'Explanation of the solution and its purpose' Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 and above or EDB Postgres Extended Server versions 15 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s Transit secrets engine allows Vault to handle cryptographic functions on data in-transit. Hashicorp Vault Transit secrets engine can be referred to as "encryption as a service". -Hashicorp Vault’s primary use case for Transit secrets engine is to encrypt data from applications while simultaneously storing encrypted data in some primary data store. Hashicorp Vault Transit Secrets Engine can also generate hashes, sign and verify data and generate HMAC' of data. +Hashicorp Vault’s primary use case for Transit secrets engine is to encrypt data from applications while simultaneously storing encrypted data in some primary data store. Hashicorp Vault Transit Secrets Engine can also generate hashes, sign and verify data and generate HMACs of data. Hashicorp Vault Transit Secrets Engine can work with EDB Postgres Advanced Server and EDB Postgres Extended Server by securely storing the the data key that is generated by `initdb`. Normally the key, that lives in `pg_encryption/key.bin`, is stored in plaintext format, but using Hashicorp Vault Transit Secrets Engine as an external key store manages the data encryption key and provides further security to the key itself. The below image shows how Hashicorp Vault Transit Secrets Engine works to encrypt and decrypt data. ![Hashicorp Vault Transit Secrets Engine Architecture](Images/HashicorpVaultTransitSecretsEngineArchitecture.png) +1. User connects to the app. +2. App sends some plaintext data to Vault to encrypt. +3. Hashicorp Vault encrypts the data for security. +4. 
When the app needs to use the data, Hashicorp Vault decrypts it. +5. The encrypted data is then sent back to the application in ciphertext format. +6. The application stores the ciphertext in a database or in Hashicorp Vault. diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture(old).png b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture(old).png new file mode 100644 index 00000000000..2339df92969 --- /dev/null +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture(old).png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0793821162ad7af001a1c4102526c1ea0384954246a938ba042e889f3c0d07d3 +size 377715 diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png index 2339df92969..dfab6b5a10f 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:0793821162ad7af001a1c4102526c1ea0384954246a938ba042e889f3c0d07d3 -size 377715 +oid sha256:56f28e55b9f1fff2415a94f25dbc4e8cd98e4af9e4889f4d99b84350c7134e99 +size 419446 From 9e0856ffda432d7914008ef1676c1bd374b0b27c Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 21 Jun 2023 09:40:09 -0400 Subject: [PATCH 51/61] Grammar error and font change --- .../03-SolutionSummary.mdx | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx index c9c9a3a1ee3..203acb9590a 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx 
@@ -5,14 +5,14 @@ description: 'Explanation of the solution and its purpose' Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 and above or EDB Postgres Extended Server versions 15 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s Transit secrets engine allows Vault to handle cryptographic functions on data in-transit. Hashicorp Vault Transit secrets engine can be referred to as "encryption as a service". -Hashicorp Vault’s primary use case for Transit secrets engine is to encrypt data from applications while simultaneously storing encrypted data in some primary data store. Hashicorp Vault Transit Secrets Engine can also generate hashes, sign and verify data and generate HMACs of data. Hashicorp Vault Transit Secrets Engine can work with EDB Postgres Advanced Server and EDB Postgres Extended Server by securely storing the the data key that is generated by `initdb`. Normally the key, that lives in `pg_encryption/key.bin`, is stored in plaintext format, but using Hashicorp Vault Transit Secrets Engine as an external key store manages the data encryption key and provides further security to the key itself. +Hashicorp Vault’s primary use case for Transit secrets engine is to encrypt data from applications while simultaneously storing encrypted data in some primary data store. Hashicorp Vault Transit Secrets Engine can also generate hashes, sign and verify data and generate HMACs of data. Hashicorp Vault Transit Secrets Engine can work with EDB Postgres Advanced Server and EDB Postgres Extended Server by securely storing the data key that is generated by `initdb`. 
Normally the key, that lives in `pg_encryption/key.bin`, is stored in plaintext format, but using Hashicorp Vault Transit Secrets Engine as an external key store manages the data encryption key and provides further security to the key itself. The below image shows how Hashicorp Vault Transit Secrets Engine works to encrypt and decrypt data. ![Hashicorp Vault Transit Secrets Engine Architecture](Images/HashicorpVaultTransitSecretsEngineArchitecture.png) -1. User connects to the app. -2. App sends some plaintext data to Vault to encrypt. -3. Hashicorp Vault encrypts the data for security. -4. When the app needs to use the data, Hashicorp Vault decrypts it. -5. The encrypted data is then sent back to the application in ciphertext format. -6. The application stores the ciphertext in a database or in Hashicorp Vault. +**1.** User connects to the app. +**2.** App sends some plaintext data to Vault to encrypt. +**3.** Hashicorp Vault encrypts the data for security. +**4.** When the app needs to use the data, Hashicorp Vault decrypts it. +**5.** The encrypted data is then sent back to the application in ciphertext format. +**6.** The application stores the ciphertext in a database or in Hashicorp Vault. From 3dd77bd0c5cdc2c5e23e4cb7b66e378f89306bf5 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 21 Jun 2023 10:04:23 -0400 Subject: [PATCH 52/61] Adding Spacing --- .../03-SolutionSummary.mdx | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx index 203acb9590a..3b180cf4dc1 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx 
@@ -11,8 +11,13 @@ The below image shows how Hashicorp Vault Transit Secrets Engine works to encryp ![Hashicorp Vault Transit Secrets Engine Architecture](Images/HashicorpVaultTransitSecretsEngineArchitecture.png) **1.** User connects to the app. + **2.** App sends some plaintext data to Vault to encrypt. + **3.** Hashicorp Vault encrypts the data for security. + **4.** When the app needs to use the data, Hashicorp Vault decrypts it. + **5.** The encrypted data is then sent back to the application in ciphertext format. + **6.** The application stores the ciphertext in a database or in Hashicorp Vault. From 484ae88cc44a6ff85f3ae3a2d82bebb7804d4346 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Fri, 23 Jun 2023 13:53:57 -0400 Subject: [PATCH 53/61] Wording Edits --- .../03-SolutionSummary.mdx | 14 +------------- .../04-ConfiguringTransitSecretsEngine.mdx | 8 ++++---- .../05-UsingTransitSecretsEngine.mdx | 6 +++--- .../06-CertificationEnvironment.mdx | 2 +- ...hicorpVaultTransitSecretsEngineArchitecture.png | 4 ++-- 5 files changed, 11 insertions(+), 23 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx index 3b180cf4dc1..375f5732b2a 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/03-SolutionSummary.mdx 
@@ -3,21 +3,9 @@ title: 'Solution Summary' description: 'Explanation of the solution and its purpose' --- -Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 and above or EDB Postgres Extended Server versions 15 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s Transit secrets engine allows Vault to handle cryptographic functions on data in-transit. Hashicorp Vault Transit secrets engine can be referred to as "encryption as a service". +Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server versions 15.2 and above or EDB Postgres Extended Server versions 15.2 and above, it allows users to control access to encryption keys and certificates, as well as perform key management. Using Hashicorp Vault’s Transit secrets engine allows Vault to handle cryptographic functions on data in-transit. Hashicorp Vault Transit secrets engine can be referred to as "encryption as a service". Hashicorp Vault’s primary use case for Transit secrets engine is to encrypt data from applications while simultaneously storing encrypted data in some primary data store. Hashicorp Vault Transit Secrets Engine can also generate hashes, sign and verify data and generate HMACs of data. Hashicorp Vault Transit Secrets Engine can work with EDB Postgres Advanced Server and EDB Postgres Extended Server by securely storing the data key that is generated by `initdb`. Normally the key, that lives in `pg_encryption/key.bin`, is stored in plaintext format, but using Hashicorp Vault Transit Secrets Engine as an external key store manages the data encryption key and provides further security to the key itself. The below image shows how Hashicorp Vault Transit Secrets Engine works to encrypt and decrypt data. 
![Hashicorp Vault Transit Secrets Engine Architecture](Images/HashicorpVaultTransitSecretsEngineArchitecture.png) - -**1.** User connects to the app. - -**2.** App sends some plaintext data to Vault to encrypt. - -**3.** Hashicorp Vault encrypts the data for security. - -**4.** When the app needs to use the data, Hashicorp Vault decrypts it. - -**5.** The encrypted data is then sent back to the application in ciphertext format. - -**6.** The application stores the ciphertext in a database or in Hashicorp Vault. diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx index 48673145351..fcd2c9e2b0c 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx 
@@ -3,16 +3,16 @@ title: 'Configuration' description: 'Walkthrough on configuring the integration' --- -Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above or EDB Postgres Extended Server version 15 and above, requires the following components: +Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above or EDB Postgres Extended Server version 15.2 and above, requires the following components: !!! Note - The EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15 and above, products will be referred to as Postgres Distribution. The specific Distribution type will be dependant upon customer need or preference. + The EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15.2 and above, products will be referred to as EDB Postgres distribution. The specific distribution type will be dependant upon customer need or preference. -- An active Postgres Distribution +- EDB Postgres distribution (15.2 or later) - Hashicorp Vault v1.13.3 ## Prerequisites -- A running Postgres Distribution +- A running EDB Postgres distribution - Hashicorp Vault installed and deployed per your VM environment ## Enable Hashicorp Vault Transit Secrets Engine diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx index 345f02533ce..997ef875d20 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/05-UsingTransitSecretsEngine.mdx 
@@ -3,10 +3,10 @@ title: 'Using' description: 'Walkthrough of example usage scenarios' --- -After you have configured Hashicorp Vault Transit Secrets Engine as stated in the Configuring section, you will be able to then encrypt your Postgres Distribution database. +After you have configured Hashicorp Vault Transit Secrets Engine as stated in the Configuring section, you will be able to then encrypt your EDB Postgres distribution database. !!! Note - It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server or versions 15 and above of EDB Postgres Extended Server as these versions support Transparent Data Encryption (TDE). + It is important to note that this doc is intended for versions 15.2 and above of EDB Postgres Advanced Server or versions 15.2 and above of EDB Postgres Extended Server as these versions support Transparent Data Encryption (TDE). After the Hashicorp Vault Transit secrets engine is configured and a user/machine has a Vault token with the proper permissions, this was configured during your install and setup of Transit Secrets Engine, it can use this secrets engine to encrypt a key. @@ -14,7 +14,7 @@ After the Hashicorp Vault Transit secrets engine is configured and a user/machin After you have enabled Hashicorp Vault Transit Secrets Engine and created a key, you will be able to export the PGDATAKEYWRAPCMD and PGDATAKEYUNWRAPCMD to wrap and unwrap your encryption key and initialize your database. -1. Login to your Postgres Distribution as the database superuser, for example `sudo su - enterprisedb`. +1. Login to your EDB Postgres distribution as the database superuser, for example `sudo su - enterprisedb`. 2. Navigate to the `/bin` directory where your executables live. In our example it is `/usr/lib/edb-as/15/bin`. 
diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/06-CertificationEnvironment.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/06-CertificationEnvironment.mdx index e03cc996f9b..11263baf41a 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/06-CertificationEnvironment.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/06-CertificationEnvironment.mdx @@ -7,5 +7,5 @@ description: 'Overview of the certification environment' | ----------- | ----------- | | **Certification Test Date** | June 12, 2023 | | **EDB Postgres Advanced Server** | 15.2 | -| **EDB Postgres Extended Server** | 15 | +| **EDB Postgres Extended Server** | 15.2 | | **Hashicorp Vault** | v1.13.3 | \ No newline at end of file diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png index dfab6b5a10f..b3c8717b382 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:56f28e55b9f1fff2415a94f25dbc4e8cd98e4af9e4889f4d99b84350c7134e99 -size 419446 +oid sha256:9b75741ca83107edee593855d5224765f35a49ba6333ee4393948e586afbb4ac +size 241968 From ec5d7257cf6c9007d443ae6dff71c8b8d6dac239 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 5 Jul 2023 10:01:29 -0400 Subject: [PATCH 54/61] Spelling Change --- .../04-ConfiguringTransitSecretsEngine.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx index fcd2c9e2b0c..71822226255 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/04-ConfiguringTransitSecretsEngine.mdx @@ -5,7 +5,7 @@ description: 'Walkthrough on configuring the integration' Implementing Hashicorp Vault with EDB Postgres Advanced Server version 15.2 and above or EDB Postgres Extended Server version 15.2 and above, requires the following components: !!! Note - The EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15.2 and above, products will be referred to as EDB Postgres distribution. The specific distribution type will be dependant upon customer need or preference. + The EDB Postgres Advanced Server version 15.2 and above and EDB Postgres Extended Server version 15.2 and above, products will be referred to as EDB Postgres distribution. The specific distribution type will be dependent upon customer need or preference. - EDB Postgres distribution (15.2 or later) - Hashicorp Vault v1.13.3 From 1e2162014cc574caacf787555e976fc3d61747ae Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 12 Jun 2023 13:45:15 -0400 Subject: [PATCH 55/61] Tech Partner Hashicorp Transit Secrets Engine Guide --- .../02-PartnerInformation.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx index 488591d9113..e1b724bf185 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx 
+++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx @@ -9,4 +9,4 @@ description: 'Details of the Partner' | **Web Site** | https://www.hashicorp.com/ | | **Partner Product** | Vault Transit Secrets Engine | | **Version** | Vault v1.13.3 | -| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server and EDB Postgres Extended Server, Hashicorp Vault Transit secrets engine allows Vault to handle cryptographic functions on data in-transit. | \ No newline at end of file +| **Product Description** | Hashicorp Vault is an identity-based secrets and encryption management system. Used in conjunction with EDB Postgres Advanced Server and EDB Postgres Extended Server, Hashicorp Vault Transit secrets engine allows Vault to handle cryptographic functions on data in-transit. | From 7b0654762a2a3fd371d4cbefb4d7d2b7c929f432 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Mon, 19 Jun 2023 16:15:20 -0400 Subject: [PATCH 56/61] Guide Edits --- .../Images/HashicorpVaultTransitSecretsEngineArchitecture.png | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png index b3c8717b382..cdbe7d41bfd 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9b75741ca83107edee593855d5224765f35a49ba6333ee4393948e586afbb4ac -size 241968 +oid sha256:d084b0b001f3b61a0609cff8e3aa8076e8aae7206228bbc8dbeda6a87c63d218 +size 272 
From 8af57ba3ea55c598466005ed22d0a1f6450f232f Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Wed, 21 Jun 2023 09:15:24 -0400 Subject: [PATCH 57/61] Solution Summary Update --- .../Images/HashicorpVaultTransitSecretsEngineArchitecture.png | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png index cdbe7d41bfd..675c6ab5ad2 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d084b0b001f3b61a0609cff8e3aa8076e8aae7206228bbc8dbeda6a87c63d218 -size 272 +oid sha256:5bb1632ca9630055645bd3c02721c73e06202cd6ae4ff4a4f015d93d5a98ea02 +size 281 From 216cbb5cf3fc465f29c19e8f1e3270f581e0b6fc Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Fri, 23 Jun 2023 13:53:57 -0400 Subject: [PATCH 58/61] Wording Edits --- .../Images/HashicorpVaultTransitSecretsEngineArchitecture.png | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png index 675c6ab5ad2..cfdaaf23342 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png 
@@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5bb1632ca9630055645bd3c02721c73e06202cd6ae4ff4a4f015d93d5a98ea02 -size 281 +oid sha256:458fb7f4023abe16b7e4623982843cb390b8ff02523ca1a8d6358197b6c46283 +size 271 From f5bf60543c929ead8e49a9e2a6047c41df5fd630 Mon Sep 17 00:00:00 2001 From: jkitchens32 Date: Fri, 7 Jul 2023 15:19:30 -0400 Subject: [PATCH 59/61] Index.js update --- src/pages/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/index.js b/src/pages/index.js index 4777462051d..8e93026a7ac 100644 --- a/src/pages/index.js +++ b/src/pages/index.js @@ -358,7 +358,7 @@ const Page = () => ( Hashicorp Vault - + Hashicorp Vault Transit Secrets Engine From fc4223f1d71dc7ed99291ce34b9be33747166543 Mon Sep 17 00:00:00 2001 From: jkitchens32 <106532490+jkitchens32@users.noreply.github.com> Date: Mon, 10 Jul 2023 10:38:01 -0400 Subject: [PATCH 60/61] Update advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx Co-authored-by: Dee Dee Rothery <83650384+drothery-edb@users.noreply.github.com> --- .../02-PartnerInformation.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx index e1b724bf185..016eedac129 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/02-PartnerInformation.mdx @@ -1,6 +1,6 @@ --- title: 'Partner Information' -description: 'Details of the Partner' +description: 'Details of the partner' --- |   |   | From 8bce6587d7fbd56ccdb97975b98d8f4c497cf610 Mon Sep 17 00:00:00 2001 
From: Dj Walker-Morgan Date: Mon, 10 Jul 2023 17:47:19 +0100 Subject: [PATCH 61/61] Update HashicorpVaultTransitSecretsEngineArchitecture.png --- .../Images/HashicorpVaultTransitSecretsEngineArchitecture.png | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png index cfdaaf23342..737f5f90f2f 100644 --- a/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png +++ b/advocacy_docs/partner_docs/HashicorpVaultTransitSecretsEngine/Images/HashicorpVaultTransitSecretsEngineArchitecture.png @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:458fb7f4023abe16b7e4623982843cb390b8ff02523ca1a8d6358197b6c46283 -size 271 +oid sha256:761c2a76e4a5c18f8aa8d9d7397174acbaf5b2bebc17f19b722d635f6105a287 +size 54691
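Review bot: In PATCH 48/61, `04-ConfiguringTransitSecretsEngine.mdx`, hunk `@@ -55,7 +53,7 @@`, the sentence added to step 6 repeats the command that the `bash` block directly below it already shows, and neither place says what `-f` does. `vault write -f` sends the write with no parameters, so the key is created with the engine's default settings. Suggest replacing the inline duplicate with one sentence that says so and that marks `pg-tde-master-1` as an example name. The transcript is also captured at a `root@` shell prompt; if root is not needed for this step, a non-root prompt would avoid implying that it is.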
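Review bot: In PATCH 50/61, `03-SolutionSummary.mdx`, hunk `@@ -5,8 +5,14 @@`, the added sentence says Transit works "by securely storing the the data key", which doubles "the" and does not match the wrap/unwrap flow that `05-UsingTransitSecretsEngine.mdx` describes with `PGDATAKEYWRAPCMD` and `PGDATAKEYUNWRAPCMD`. Suggest wording along the lines of "by wrapping (encrypting) the data key that is generated by `initdb`", and stating where the wrapped key is kept, so the contrast with the plaintext `pg_encryption/key.bin` is explicit. In the numbered list added by the same hunk, step 4 (Vault decrypts) comes before step 5 (ciphertext is returned) and step 6 (ciphertext is stored); the decrypt step belongs after storage.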
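Review bot: In PATCH 50/61, the new file `Images/HashicorpVaultTransitSecretsEngineArchitecture(old).png` is a backup copy and should not be committed: its LFS pointer carries the same oid and size (377715) as the image version that the same patch replaces. Git history already preserves the previous image, and no later patch in this part of the series removes the `(old)` file. Suggest dropping it from the commit.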
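Review bot: In PATCH 53/61, `04-ConfiguringTransitSecretsEngine.mdx`, hunk `@@ -3,16 +3,16 @@`, the component list now gives the Postgres requirement as a minimum ("15.2 or later") but still lists `Hashicorp Vault v1.13.3` as a single version, so a reader cannot tell whether that is the required version, the minimum, or only the version that was certified. Suggest stating which it is, consistent with the certification table in `06-CertificationEnvironment.mdx`. In the note above the list, the comma in "version 15.2 and above, products will be referred to" splits the subject from its verb, and "dependant" should be "dependent".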
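Review bot: In PATCH 53/61, `05-UsingTransitSecretsEngine.mdx`, hunk `@@ -14,7 +14,7 @@`, step 1 tells the reader to log in "as the database superuser", but the example `sudo su - enterprisedb` switches to an operating system account, not a database role. Suggest describing it as the operating system user that runs the commands in the following steps, and writing the verb as "Log in" (two words). The surrounding text makes this the account that exports `PGDATAKEYWRAPCMD` and `PGDATAKEYUNWRAPCMD`, so it is also the account whose environment needs the Vault token; the step should say that rather than leave it implied.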
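Review bot: In PATCH 56/61 the LFS pointer for `Images/HashicorpVaultTransitSecretsEngineArchitecture.png` drops from size 241968 to size 272, and PATCH 57/61 and PATCH 58/61 leave it at 281 and 271 bytes. A few hundred bytes is implausibly small for an architecture diagram, so please check that the object uploaded for these three commits is the intended image. PATCH 61/61 sets the size to 54691; squashing 56 to 58 into that change would keep the intermediate states out of history. The three commits also reuse the subjects and dates of PATCH 48, 50 and 53, which suggests they are leftovers from a rebase and could be dropped entirely.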