The PostgreSQL Recovery Kit supports the transparent data encryption provided by FUJITSU Software Enterprise Postgres as long as the following requirements are met.
- Do not use database multiplexing mode
- Tablespace directories are located on a drive (shared or mirrored disk) protected by volume resources
- Use the same master encryption key on both nodes
- Set auto-open on both nodes
The following settings are recommended:
- Place the keystore storage directory on the local drive (C: drive) of the primary node and secondary node.
Perform the following steps:
- [On a primary node] Create a keystore storage folder and allow Administrator access
mkdir c:\key\store\inst1
- [On a primary node] Create a folder for a tablespace and allow Administrator access
mkdir d:\tablespace\inst1
- [On a primary node] Edit \inst1\postgresql.conf and add the following lines
keystore_location = 'C:\\key\\store\\inst1'
- Take the PostgreSQL resource out of service and then bring it back in service.
- [On a primary node] Set the master encryption key
psql -d postgres
SELECT pgx_set_master_key('<password>');
- [On a primary node] Create a tablespace
psql -d postgres
CREATE TABLESPACE secure_tablespace LOCATION 'D:\tablespace\inst1' WITH (tablespace_encryption_algorithm = 'AES256');
SELECT spcname, spcencalgo FROM pg_tablespace ts, pgx_tablespaces tsx WHERE ts.oid = tsx.spctablespace;
- [On a primary node] Create a table
psql -d postgres
CREATE TABLE table02 (id integer, name varchar(10)) TABLESPACE secure_tablespace;
- [On a primary node] Set auto-open
pgx_keystore --enable-auto-open C:\key\store\inst1\keystore.ks
- Switch over the PostgreSQL resource hierarchy to the secondary node
- [On a secondary node] Create a keystore storage folder and allow Administrator access
- [On a secondary node] Create a folder for a tablespace and allow Administrator access
- [On a secondary node] Copy the keystore file (C:\key\store\inst1\keystore.ks) from the primary node
- [On a secondary node] Set auto-open
- Switch over the PostgreSQL resource hierarchy to the primary node
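The following PowerShell check is an added example, not part of the original procedure or of either product. Run on each node, it reports whether keystore_location points at the keystore folder, the SHA-256 of keystore.ks, and any non-Administrator access entries on the file. The -PgConf parameter and the output field names are hypothetical, and comparing the hashes between nodes assumes keystore.ks has not been modified since it was copied.

```powershell
# Added example: run on each node; -PgConf is the full path to that
# instance's postgresql.conf (the page shows only \inst1\postgresql.conf).
param(
    [Parameter(Mandatory = $true)][string]$PgConf,
    [string]$Keystore = 'C:\key\store\inst1\keystore.ks'
)

# 1. The last keystore_location entry in postgresql.conf must name the
#    folder that holds keystore.ks ('C:\\key\\store\\inst1' in the file).
$hit = Select-String -Path $PgConf -Pattern "^\s*keystore_location\s*=\s*'([^']*)'" |
       Select-Object -Last 1
if (-not $hit) { throw "keystore_location is not set in $PgConf" }
$configured = ($hit.Matches[0].Groups[1].Value -replace '\\\\', '\').TrimEnd('\')
$expected   = (Split-Path -Parent $Keystore).TrimEnd('\')

# 2. Fingerprint of the keystore file, for comparison between the nodes.
if (-not (Test-Path -LiteralPath $Keystore)) { throw "Missing keystore: $Keystore" }
$sha256 = (Get-FileHash -LiteralPath $Keystore -Algorithm SHA256).Hash

# 3. Allow entries on the keystore for anyone other than Administrators or
#    SYSTEM (English account names assumed). Review these; the account the
#    database service runs as may legitimately appear here.
$trusted = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'
$others  = @((Get-Acl -LiteralPath $Keystore).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $_.IdentityReference.Value -notin $trusted } |
    ForEach-Object { $_.IdentityReference.Value } |
    Sort-Object -Unique)

[pscustomobject]@{
    Node                  = $env:COMPUTERNAME
    KeystoreLocationMatch = ($configured -ieq $expected)
    KeystoreSha256        = $sha256
    OtherAllowEntries     = $others -join ', '
}
```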