pgx_open_keystore opens the keystore.
Only superusers can execute this function. Also, this function cannot be executed within a transaction block.
The pgx_open_keystore function uses the specified user pin or passphrase to open the keystore. When the keystore is opened, it enables access to the master encryption key. In this way, you can access the encrypted data and create encrypted tablespaces. If you are using a file-based key store, and the keystore is already open, this function returns an error.
pgx_open_keystore makes available (opens a keystore) a master encryption key on a key management system that has already been declared for use. The keystore cannot be opened unless it has been declared to use a master encryption key.
If the keystore is already open, use the credentials you entered to reconnect to the key management system.
Specify the authentication information for connecting to the key management system. Arguments must be specified in naming notation. The information you pass in the argument depends on the key management system you use.
If the key management system information file specifies an obfuscated credentials file, the file is recreated with the new credentials.
The following arguments are specified in naming notation.
sslpassphrase text
Specifies the passphrase of the client certificate private key file when connecting to the KMIP server. This can be omitted if no passphrase is set in the private key file.
The following arguments are specified in naming notation.
kms_secret text
Confidential information passed to the plugin. It can be omitted if it is not necessary for using the key management system. Whether or not it can be omitted depends on the implementation of the plugin.
Example
To specify the passphrase mykmippassphrase for the client certificate private key file in naming notation:
SELECT pgx_open_keystore( sslpassphrase => 'mykmippassphrase' );
