The PostgreSQL Recovery Kit supports the transparent data encryption provided by FUJITSU Software Enterprise Postgres as long as the following requirements are met.

  • Do not use database multiplexing mode
  • Tablespace directories are located on a drive (shared or mirrored disk) protected by volume resources
  • Use the same master encryption key on both nodes
  • Set auto-open on both nodes

The following settings are recommended:

  • Place the keystore storage directory on the local drive (C: drive) of the primary node and secondary node.

Perform the following steps:

  1. [On a primary node] Create a keystore storage folder and allow Administrator access
    mkdir c:\key\store\inst1
    
  2. [On a primary node] Create a folder for a tablespace and allow Administrator access
    mkdir d:\tablespace\inst1
    
  3. [On a primary node] Edit \inst1\postgresql.conf and add the following lines
    keystore_location = 'C:\\key\\store\\inst1'
    
  4. Take the PostgreSQL resource out of service and then bring it back in service.
  5. [On a primary node] Set the master encryption key
    psql -d postgres
    SELECT pgx_set_master_key('<password>');
    
  6. [On a primary node] Create a tablespace
    psql -d postgres
    CREATE TABLESPACE secure_tablespace LOCATION 'D:\tablespace\inst1' WITH (tablespace_encryption_algorithm = 'AES256' );
    SELECT spcname, spcencalgo FROM pg_tablespace ts, pgx_tablespaces tsx WHERE ts.oid = tsx.spctablespace;
    
  7. [On a primary node] Create a table
    psql -d postgres
    CREATE TABLE table02 (id integer,  name varchar(10)) TABLESPACE secure_tablespace;
    
  8. [On a primary node] Set auto-open
    pgx_keystore --enable-auto-open C:\key\store\inst1\keystore.ks
    
  9. Switch over the PostgreSQL resource hierarchy to the secondary node
  10. [On a secondary node] Create a keystore storage folder and allow Administrator access
  11. [On a secondary node] Create a folder for a tablespace and allow Administrator access
  12. [On a secondary node] Copy the keystore file (C:\key\store\inst1\keystore.ks) from the primary node
  13. [On a secondary node] Set auto-open
  14. Switch over the PostgreSQL resource hierarchy to the primary node
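
The following PowerShell check is an added example, not part of the original procedure or of either vendor's tooling. It verifies three of the requirements above on one node: that keystore.ks matches the copy on the other node, that auto-open has been set, and that the keystore folder is not readable by broad groups. It assumes that enabling auto-open leaves keystore.ks itself unchanged and creates keystore.aks in the same folder; the parameter names are hypothetical.

```powershell
# Added example, not vendor code. Run on each node after its auto-open step.
param(
    [string]$KeystoreDir    = 'C:\key\store\inst1',  # path used in the steps above
    [string]$ExpectedSha256 = ''                     # hash printed on the other node
)
$ErrorActionPreference = 'Stop'
$ks  = Join-Path $KeystoreDir 'keystore.ks'
$aks = Join-Path $KeystoreDir 'keystore.aks'  # assumption: created by --enable-auto-open
$problems = @()

if (-not (Test-Path -LiteralPath $ks -PathType Leaf)) {
    throw "Keystore not found: $ks"
}

# 1. Same master encryption key on both nodes: compare file hashes.
$hash = (Get-FileHash -LiteralPath $ks -Algorithm SHA256).Hash
Write-Output "keystore.ks SHA-256: $hash"
if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256.Trim())) {
    $problems += 'keystore.ks differs from the copy on the other node'
}

# 2. Auto-open set on this node.
if (-not (Test-Path -LiteralPath $aks -PathType Leaf)) {
    $problems += 'keystore.aks missing: auto-open does not appear to be set'
}

# 3. Folder ACL: flag Allow entries for well-known broad groups.
#    SIDs are used so the check also works on localized Windows.
$broad = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users';
            'S-1-5-32-545' = 'Users' }
foreach ($ace in (Get-Acl -LiteralPath $KeystoreDir).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    try {
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { continue }  # account no longer resolvable
    if ($broad.ContainsKey($sid)) {
        $problems += "Folder grants $($ace.FileSystemRights) to $($broad[$sid])"
    }
}

if ($problems.Count -eq 0) {
    Write-Output 'OK: keystore checks passed'
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

Run it on the primary node first to print the hash, then on the secondary node with -ExpectedSha256 set to that value. A folder created with mkdir under C:\ normally inherits access for Users and Authenticated Users, so the third check is expected to warn until those inherited entries are removed.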
