- -k, --with-key=KEY Uses gsql to decrypt imported encrypted files.
To enable the basic capability of encrypted equality query, change the value to 1.
Select Default for Qualifier.
gaussdb:Encrypted (boolean): Filters access by the tag key that specifies whether to enable disk encryption in the request. Select Default for Qualifier.
Default value: postgresql
enable_ce: Specifies the encrypted equality query capability.
You can run the SHOW command to check whether the parameters are set successfully. enable_ce Encrypted database function. enable_ce=1 indicates that the Go driver supports the basic capability of encrypted equality query.
database.
Prerequisites: You have set the parameters and used the CREATE CLIENT MASTER KEY syntax to create a master key named MyCMK1 by referring to "Setting Encrypted Equality Queries" in Feature Guide.
Precautions Currently, you can change only the permissions for tables (including views), sequences, functions, client master keys of encrypted databases, column encryption keys, and types.
CMKs are used to encrypt column encryption keys (CEKs) for the encrypted database feature. CMK definition includes creating and deleting a CMK. For details about related SQL statements, see Table 3.
Table 3 SQL statements for defining a CMK
Function          SQL Statement
Creating a CMK    CREATE CLIENT MASTER KEY
Dropping a CMK    DROP CLIENT MASTER KEY

Defining a Column Encryption Key (CEK)
CEKs are used to encrypt data for the encrypted database feature.
table.
gaussdb=# SET SESSION AUTHORIZATION newuser PASSWORD '********';
gaussdb=> CREATE TABLE acltest1 (x int, x2 varchar(50) ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = MyCEK1, ENCRYPTION_TYPE = DETERMINISTIC));
CREATE TABLE
gaussdb=> SELECT has_cek_privilege('newuser
Connect to an encrypted database.
-- Use the -C parameter to enable the encrypted database function.
gsql -p 57101 postgres -r -C
gaussdb=# CREATE CLIENT MASTER KEY MyCMK1 WITH ( KEY_STORE = xxx , KEY_PATH = xxx , ALGORITHM = AES_256_CBC);
CREATE CLIENT MASTER KEY
gaussdb
Connect to an encrypted database.
-- Use the -C parameter to enable the encrypted database function.
gsql -p 57101 gaussdb -r -C
gaussdb=# CREATE CLIENT MASTER KEY MyCMK1 WITH ( KEY_STORE = xxx, KEY_PATH = xxx, ALGORITHM = AES_256_CBC);
CREATE CLIENT MASTER KEY
gaussdb
Compared with the PG driver, the GaussDB JDBC driver has the following enhanced features: SHA-256 is supported for encrypted login. The third-party log framework that implements the SLF4J API can be connected. DR failover is supported.
Precautions Currently, you can change only the permissions for tables (including views), sequences, functions, types, CMKs of encrypted databases, and CEKs.
COLUMN_ENCRYPTION_KEY = column_encryption_key Specifies the name of the column encryption key in the ENCRYPTED WITH constraint. Value range: a string. It must comply with the Identifier Naming Conventions.
Precautions Currently, you can change only the permissions for tables (including views), sequences, functions, types, client master keys of encrypted databases, and column encryption keys.
The following object types do not support flashback: system catalogs, DFS tables, global temporary tables, local temporary tables, unlogged tables, sequence tables, encrypted tables, and hash bucket tables. Flashback is not supported for tables that contain user-defined types.