setting security label in two different tables fails
timreibe opened this issue · comments
Hi everyone,
I have two similar tables, within both I want to encrypt the content of one column (in this example its the column is called secret_column in both tables).
CREATE TABLE table_name1 (
id_1 uuid PRIMARY KEY NOT NULL DEFAULT uuid_generate_v4(),
key_id_1 uuid NOT NULL REFERENCES pgsodium.key(id) DEFAULT (pgsodium.create_key()).id,
nonce_1 bytea NOT NULL DEFAULT pgsodium.crypto_aead_det_noncegen(),
secret_column_1 text NOT NULL DEFAULT 'undefined'::text
);
CREATE TABLE table_name2 (
id_2 uuid PRIMARY KEY NOT NULL DEFAULT uuid_generate_v4(),
key_id_2 uuid NOT NULL REFERENCES pgsodium.key(id) DEFAULT (pgsodium.create_key()).id,
nonce_2 bytea NOT NULL DEFAULT pgsodium.crypto_aead_det_noncegen(),
secret_column_2 text NOT NULL DEFAULT 'undefined'::text
);SECURITY LABEL FOR pgsodium
ON COLUMN table_name1.secret_column_1
IS 'ENCRYPT WITH KEY COLUMN key_id_1 NONCE nonce_1 ASSOCIATED id_1';
SECURITY LABEL FOR pgsodium
ON COLUMN table_name2.secret_column_2
IS 'ENCRYPT WITH KEY COLUMN key_id_2 NONCE nonce_2 ASSOCIATED id_2';I am able to set the security labels for each table separately, but If I want to add both, it fails, giving me the error:
Failed to run sql query: must be owner of relation table_name1I am new to this topic and looked up every source I can find online, but none could solve my problem.
I really appreciate your help!
Thank you in advance
Tim :-)
Hi,
but If I want to add both, it fails, giving me the error
I'm not sure to understand what you try to achieve. What is the command raising you this error?
Thanks,
Hi,
but If I want to add both, it fails, giving me the error
I'm not sure to understand what you try to achieve. What is the command raising you this error?
Thanks,
Hi,
as I was following the docs, I have to set a Security Label for a column I want to encrypt with the key, nonce and associate as parameters.
In my specific case, I have two tables and both have one column that I want to encrypt with pgsodium. So, in my understanding, I have to set a Security Label for each column.
I can set these labels separately, but once I want to the second after I added the first, it gives me this error.
Am I understanding Security Labels wrong?
Hi,
Trying to replicate here, I don't have such an error:
~$ createuser u73
~$ createdb d73 -O u73
~$ psql d73
d73=# create extension "uuid-ossp" ;
CREATE EXTENSION
d73=# create extension pgsodium ;
CREATE EXTENSION
d73=# grant SELECT, REFERENCES on pgsodium.key TO u73 ;
GRANT
d73=# CREATE TABLE table_name1 (
id_1 uuid PRIMARY KEY NOT NULL DEFAULT uuid_generate_v4(),
key_id_1 uuid NOT NULL REFERENCES pgsodium.key(id) DEFAULT (pgsodium.create_key()).id,
nonce_1 bytea NOT NULL DEFAULT pgsodium.crypto_aead_det_noncegen(),
secret_column_1 text NOT NULL DEFAULT 'undefined'::text
);
CREATE TABLE table_name2 (
id_2 uuid PRIMARY KEY NOT NULL DEFAULT uuid_generate_v4(),
key_id_2 uuid NOT NULL REFERENCES pgsodium.key(id) DEFAULT (pgsodium.create_key()).id,
nonce_2 bytea NOT NULL DEFAULT pgsodium.crypto_aead_det_noncegen(),
secret_column_2 text NOT NULL DEFAULT 'undefined'::text
);
CREATE TABLE
CREATE TABLE
d73=# SECURITY LABEL FOR pgsodium
ON COLUMN table_name1.secret_column_1
IS 'ENCRYPT WITH KEY COLUMN key_id_1 NONCE nonce_1 ASSOCIATED id_1';
SECURITY LABEL FOR pgsodium
ON COLUMN table_name2.secret_column_2
IS 'ENCRYPT WITH KEY COLUMN key_id_2 NONCE nonce_2 ASSOCIATED id_2';
SECURITY LABEL
SECURITY LABELThanks @ioguix for trying to replicate. That this works for you shows me, that something must be off within my database. I use Postgresql in Supabase, have you ever made experience with that?
Edit: Found out that I messed up with my pgsodium extension, on a new project it works fine. I solved the issue by dropping the shema pgsodium and re-enabled the pgsodium extension in the database settings.
Thanks again @ioguix for your help!
I use Postgresql in Supabase, have you ever made experience with that?
nope
I solved the issue
great!
Thanks again @ioguix for your help!
you are welcome!