Name
pgx_keystore -- Manages keystore
Synopsis
pgx_keystore [-a|--enable-auto-open] [option...] keystore_location
pgx_keystore [-s|--obfuscate-secret] [option...]Description
pgx_keystore enables auto-open of a keystore.
Options
Enables auto-open of a keystore. This allows the keystore to open automatically without entering the passphrase when the database server starts.
When auto-open is enabled, an obfuscated copy keystore.aks is created in the same directory where the keystore file keystore.ks is stored. To disable auto-open, delete keystore.aks.
Specify the passphrase to open the keystore. If this option is omitted, the prompt to enter the passphrase is displayed.
Specify the absolute or relative path of the keystore file.
Obfuscates the secret information needed to connect to the key management system. By specifying obfuscated private information as an authentication option in the key management system connection information file, the keystore is opened automatically when the database server is started without entering the key management system credentials.
Specify the secret information required to connect to the key management system. If you omit this option, you are prompted for the secret.
Specifies the file that contains the obfuscated secret. If the file already exists, the command terminates abnormally without overwriting it.
Diagnostics
0: Normal exit
Other than 0: Abnormal exit
Notes
This command can be executed whether the database server is running or stopped. It does not connect to the database server.
This command does not connect to the key management system.
Example
Enables automatic keystore opening when using a file-based keystore.
$ pgx_keystore -a /key/store/location/keystore.ks
Enable automatic keystore opening by obfuscating sensitive credentials when using the key management system as a keystore.
$ pgx_keystore -s -o /example/keypassphrase.ksc
Enter secret: