pgx_open_keystore opens the keystore.
Only superusers can execute this function. Also, this function cannot be executed within a transaction block.
The pgx_open_keystore function uses the specified passphrase to open the keystore. When the keystore is opened, the master encryption key is loaded into the database server memory. In this way, you can access the encrypted data and create encrypted tablespaces. If the keystore is already open, this function returns an error.
pgx_open_keystore makes available (opens a keystore) a master encryption key on a key management system that has already been declared for use. The keystore cannot be opened unless it has been declared to use a master encryption key.
If the keystore is already open, use the credentials you entered to reconnect to the key management system.
Specify the authentication information for connecting to the key management system. Arguments must be specified in naming notation. The information you pass in the argument depends on the key management system you use.
If the key management system information file specifies an obfuscated credentials file, the file is recreated with the new credentials.
The following arguments are specified in naming notation.
sslpassphrase text
Specifies the passphrase of the client certificate private key file when connecting to the KMIP server. This can be omitted if no passphrase is set in the private key file.
The following arguments are specified in naming notation.
kms_secret text
Confidential information passed to the plugin. It can be omitted if it is not necessary for using the key management system. Whether or not it can be omitted depends on the implementation of the plugin.
Example
To specify the passphrase mykmippassphrase for the client certificate private key file in naming notation:
SELECT pgx_open_keystore( sslpassphrase => 'mykmippassphrase' );
