Versions Compared

Old Version 65

changes.mady.by.user Pavel Pereslegin

Saved on

compared with

New Version 66

changes.mady.by.user Pavel Pereslegin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. re-encryption completed for cache group (and after that at least one checkpoint was completed)
  2. last WAL segment in which the key was used is removed

Fault tolerance

...

Distributed key rotation

The node join is rejected during the encryption key rotation, but this limitation may be revised in the future.

When a node joins the cluster (before/after key rotation), it receives the current encryption keys for the cache groups used for writing (it "rotates" encryption key automatically).
If the encryption key is a new key, then the node sets it for writing and starts the background re-encryption process (it starts re-encryption automatically).
Therefore, a node may leave the cluster during a key change, or a node may be absent and rejoin later (it does not matter if the baseline changes or not).

...

Background re-encryption

If the node stops/fails during re-encryption, after restarting it continue re-encryption from the stored offset:

...