sharpetronics/PostgreSQL
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-30 00:02:11 -04:00
Code Issues Projects Releases Wiki Activity

Do not encourage root token use for vault

Browse Source 
We should probably not encourage anyone to use a root token for vault
keyring providers. We use "secret_token" elsewhere, so use that
consistently.
This commit is contained in:
Anders Åstrand 2025-04-23 22:03:44 +02:00 committed by AndersAstrand
parent b7d2f1599f
commit e735727c8e
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
contrib/pg_tde/documentation/docs/multi-tenant-setup.md
View File

@ -83,14 +83,14 @@ You must do these steps for every database where you have created the extension.
The Vault server setup is out of scope of this document.
```sql
SELECT pg_tde_add_database_key_provider_vault_v2('provider-name','root_token','url','mount','ca_path');
SELECT pg_tde_add_database_key_provider_vault_v2('provider-name','secret_token','url','mount','ca_path');
```
where:
* `url` is the URL of the Vault server
* `mount` is the mount point where the keyring should store the keys
* `root_token` is an access token with read and write access to the above mount point
* `secret_token` is an access token with read and write access to the above mount point
* [optional] `ca_path` is the path of the CA file used for SSL verification
<i warning>:material-information: Warning:</i> This example is for testing purposes only:

4
contrib/pg_tde/documentation/docs/setup.md
View File

@ -77,14 +77,14 @@ Load the `pg_tde` at startup time. The extension requires additional shared memo
The Vault server setup is out of scope of this document.
```
SELECT pg_tde_add_global_key_provider_vault_v2('provider-name','root_token','url','mount','ca_path');
SELECT pg_tde_add_global_key_provider_vault_v2('provider-name','secret_token','url','mount','ca_path');
```
where:
* `url` is the URL of the Vault server
* `mount` is the mount point where the keyring should store the keys
* `root_token` is an access token with read and write access to the above mount point
* `secret_token` is an access token with read and write access to the above mount point
* [optional] `ca_path` is the path of the CA file used for SSL verification
<i warning>:material-information: Warning:</i> This example is for testing purposes only: