From e735727c8e6adf1dae4035c99e9ffaf1ece2be05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20=C3=85strand?=
Date: Wed, 23 Apr 2025 22:03:44 +0200
Subject: [PATCH] Do not encourage root token use for vault
We should probably not encourage anyone to use a root token for vault keyring providers. We use "secret_token" elsewhere, so use that consistently.
---
 contrib/pg_tde/documentation/docs/multi-tenant-setup.md | 4 ++--
 contrib/pg_tde/documentation/docs/setup.md | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/contrib/pg_tde/documentation/docs/multi-tenant-setup.md b/contrib/pg_tde/documentation/docs/multi-tenant-setup.md
index 2cb9d769800..5a6558208da 100644
--- a/contrib/pg_tde/documentation/docs/multi-tenant-setup.md
+++ b/contrib/pg_tde/documentation/docs/multi-tenant-setup.md
@@ -83,14 +83,14 @@ You must do these steps for every database where you have created the extension.
 The Vault server setup is out of scope of this document.
 ```sql
- SELECT pg_tde_add_database_key_provider_vault_v2('provider-name','root_token','url','mount','ca_path');
+ SELECT pg_tde_add_database_key_provider_vault_v2('provider-name','secret_token','url','mount','ca_path');
 ```
 where:
 * `url` is the URL of the Vault server
 * `mount` is the mount point where the keyring should store the keys
- * `root_token` is an access token with read and write access to the above mount point
+ * `secret_token` is an access token with read and write access to the above mount point
 * [optional] `ca_path` is the path of the CA file used for SSL verification
 :material-information: Warning: This example is for testing purposes only:
diff --git a/contrib/pg_tde/documentation/docs/setup.md b/contrib/pg_tde/documentation/docs/setup.md
index 814b8791a7c..9e8dbcb51b0 100644
--- a/contrib/pg_tde/documentation/docs/setup.md
+++ b/contrib/pg_tde/documentation/docs/setup.md
@@ -77,14 +77,14 @@ Load the `pg_tde` at startup time. The extension requires additional shared memo
 The Vault server setup is out of scope of this document.
 ```
- SELECT pg_tde_add_global_key_provider_vault_v2('provider-name','root_token','url','mount','ca_path');
+ SELECT pg_tde_add_global_key_provider_vault_v2('provider-name','secret_token','url','mount','ca_path');
 ```
 where:
 * `url` is the URL of the Vault server
 * `mount` is the mount point where the keyring should store the keys
- * `root_token` is an access token with read and write access to the above mount point
+ * `secret_token` is an access token with read and write access to the above mount point
 * [optional] `ca_path` is the path of the CA file used for SSL verification
 :material-information: Warning: This example is for testing purposes only: