From 981cb4fdde89e7adb4169c6983ad58f5522339cc Mon Sep 17 00:00:00 2001 From: Betsy Gitelman Date: Thu, 21 Nov 2024 13:55:01 -0500 Subject: [PATCH] Apply suggestions from code review Co-authored-by: gvasquezvargas --- product_docs/docs/tde/15/enabling/enabling_tde_epas.mdx | 2 +- product_docs/docs/tde/15/enabling/postgres_to_extended.mdx | 2 +- product_docs/docs/tde/15/initdb_tde_options.mdx | 2 +- product_docs/docs/tde/15/overview.mdx | 2 +- product_docs/docs/tde/15/secure_key/disabling_key.mdx | 4 ++-- product_docs/docs/tde/15/secure_key/key_rotation.mdx | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/product_docs/docs/tde/15/enabling/enabling_tde_epas.mdx b/product_docs/docs/tde/15/enabling/enabling_tde_epas.mdx index 612ef802116..d05c9b123b7 100644 --- a/product_docs/docs/tde/15/enabling/enabling_tde_epas.mdx +++ b/product_docs/docs/tde/15/enabling/enabling_tde_epas.mdx @@ -28,7 +28,7 @@ and use pg_upgrade to transfer data from the existing source cluster to the new ## Worked example -This example enables transparent data encryption on EDB Postgres Advanced Server version 16 running on an Ubuntu 22.04 machine. +This example enables TDE on EDB Postgres Advanced Server version 16 running on an Ubuntu 22.04 machine. A similar workflow applies to other versions of EDB Postgres Advanced Server and EDB Postgres Extended Server. The location of the bin and config directories differs depending on your operating system and the Postgres version. diff --git a/product_docs/docs/tde/15/enabling/postgres_to_extended.mdx b/product_docs/docs/tde/15/enabling/postgres_to_extended.mdx index 7a5f7ae65b3..4e9f507e6e4 100644 --- a/product_docs/docs/tde/15/enabling/postgres_to_extended.mdx +++ b/product_docs/docs/tde/15/enabling/postgres_to_extended.mdx @@ -28,7 +28,7 @@ Create a new EDB Postgres Extended Server cluster with TDE enabled and use pg_up ## Worked example -This example upgrades a PostgreSQL 16 instance to EDB Postgres Extended Server 16 while enabling transparent data encryption on an Ubuntu 22.04 machine. The location of the bin and config directories differs depending on your operating system and Postgres versions. +This example upgrades a PostgreSQL 16 instance to EDB Postgres Extended Server 16 while enabling TDE on an Ubuntu 22.04 machine. The location of the bin and config directories differs depending on your operating system and Postgres versions. ### Preparing your upgrade diff --git a/product_docs/docs/tde/15/initdb_tde_options.mdx b/product_docs/docs/tde/15/initdb_tde_options.mdx index 924deab7fbe..9b0387b0f1f 100644 --- a/product_docs/docs/tde/15/initdb_tde_options.mdx +++ b/product_docs/docs/tde/15/initdb_tde_options.mdx @@ -23,7 +23,7 @@ Provides the wrapping/encryption command to protect the data encryption key. If you don't use this option, TDE falls back on the environment variable `PGDATAKEYWRAPCMD`. -If you don't want to apply a wrapping mechanism, Use `-`. +If you don't want to apply a wrapping mechanism, use `-`. ## Option: `--key-unwrap-command=` diff --git a/product_docs/docs/tde/15/overview.mdx b/product_docs/docs/tde/15/overview.mdx index 16b584159dc..b8756512cab 100644 --- a/product_docs/docs/tde/15/overview.mdx +++ b/product_docs/docs/tde/15/overview.mdx @@ -6,7 +6,7 @@ redirects: - /tde/latest/enabling_tde/ --- -If you want to start using transparent data encryption (TDE) on your database, you'll want to either create a TDE-enabled database server or migrate an existing database server to a TDE-enabled environment. It isn't possible to enable TDE on existing instances. +If you want to start using Transparent Data Encryption (TDE) on your database, you'll want to either create a TDE-enabled database server or migrate an existing database server to a TDE-enabled environment. It isn't possible to enable TDE on existing instances. Regardless of whether you're creating a database server from scratch or creating an instance to migrate an existing database server, you have to create a TDE-enabled database by initializing a database cluster using [initdb](https://www.postgresql.org/docs/15/app-initdb.html). diff --git a/product_docs/docs/tde/15/secure_key/disabling_key.mdx b/product_docs/docs/tde/15/secure_key/disabling_key.mdx index 54f92af8819..bdf8edb7e19 100644 --- a/product_docs/docs/tde/15/secure_key/disabling_key.mdx +++ b/product_docs/docs/tde/15/secure_key/disabling_key.mdx @@ -1,9 +1,9 @@ --- title: Disabling the key wrapping -description: Learn how to prevent using a wrapping key. +description: Learn how to omit using a wrapping key. deepToc: true --- If you don't want key wrapping, for example for testing, then you must set the wrap and unwrap commands to the special value `-`. -This setting specifies to use the key from the file without further processing. This approach differs from not setting a wrap or unwrap command at all and from setting either or both to an empty string. Having no wrap or unwrap command set when transparent data encryption is used leaves your data encryption key unsecured and results in a fatal error when running an affected utility program. +This setting specifies to use the key from the file without further processing. This approach differs from not setting a wrap or unwrap command at all and from setting either or both to an empty string. Having no wrap or unwrap command set when TDE is used leaves your data encryption key unsecured and results in a fatal error when running an affected utility program. diff --git a/product_docs/docs/tde/15/secure_key/key_rotation.mdx b/product_docs/docs/tde/15/secure_key/key_rotation.mdx index 0cbe6c43106..a24799b5d33 100644 --- a/product_docs/docs/tde/15/secure_key/key_rotation.mdx +++ b/product_docs/docs/tde/15/secure_key/key_rotation.mdx @@ -6,7 +6,7 @@ deepToc: true To change the master key, manually run the unwrap command, specifying the old key. Then feed the result into the wrap command, specifying the new key. -Equivalently, if the data key is protected by a passphrase, to change the passphrase, run the unwrap command using the old passphrase. Then feed the result into the wrap command using the new passphrase. +If the data key is protected by a passphrase, to change the passphrase, run the unwrap command using the old passphrase. Then feed the result into the wrap command using the new passphrase. You can perform these operations while the database server is running. The wrapped data key in the file is used only on startup. It isn't used while the server is running.