PG-1013 Added build comparison table, moved features from index to comparison

documentation/docs/features.md

@@ -0,0 +1,26 @@
+# Build comparison
+
+We provide `pg_tde` builds for both PostgreSQL Community and [Percona Server for PostgreSQL](https://docs.percona.com/postgresql/latest/postgresql-server.html). The difference between the builds is in the set of included features which in turn depends on the Storage Manager API. While PostgreSQL Community uses the default Storage Manager API, Percona Server for PostgreSQL extends the Storage Manager API enabling to integrate custom storage managers.
+
+## Features
+
+The following table provides the differences between the builds:
+
+| PostgreSQL Community build  | Percona Server for PostgreSQL build <br> |
+|----------------------|-------------------------------|
+| Table encryption: <br> - data tables, <br> - TOAST tables <br> - temporary tables created during the database operation.<br><br> Metadata of those tables is not encrypted. | Table encryption: <br> - data tables, <br> - TOAST tables <br> - temporary tables created during the database operation.<br> - Index data for encrypted tables<br><br> Metadata of those tables is not encrypted.  |
+| Write-Ahead Log (WAL) encryption of data in encrypted tables | Write-Ahead Log (WAL) encryption of data for encrypted and non-encrypted tables  |
+| Multi-tenancy support| Multi-tenancy support |
+| Table-level granularity |Table-level granularity | 
+| Key management via: <br> - HashiCorp Vault; <br> - Local keyfile | Key management via: <br> - HashiCorp Vault; <br> - Local keyfile|
+| | Logical replication of encrypted tables | 
+
+## Future releases
+
+The following is planned for future releases of `pg_tde`:
+
+* KMIP integration for key management
+* Global principal keys 
+
+
+[Get started](install.md){.md-button}

documentation/docs/index.md

@@ -6,37 +6,24 @@
 
     This is the {{release}} version of the extension and is not meant for production use yet. [Release notes](release-notes/release-notes.md)
 
-## What's encrypted
+## Supported PostgreSQL deployments
 
-`pg_tde` encrypts the following:
+ `pg_tde` is provided in database specific builds for:
 
-* User data in tables, including TOAST tables, that are created using the extension. Metadata of those tables is not encrypted. 
-* Write-Ahead Log (WAL) data for tables created using the extension 
-* Temporary tables created during the database operation for data tables created using the extension
+* [Percona Server for PostgreSQL 17](https://docs.percona.com/postgresql/17/postgresql-server.html) as part of Percona Distribution for PostgreSQL 17. This build includes all capabilities and features of `pg_tde`
+* PostgreSQL Community 16.x, PostgreSQL Community 17.0 and Percona Distribution for PostgreSQL 16.0. This build provides limited capabilities. Namely, index level encryption is not supported as it requires the use of a custom storage manager.
+
+[Compare builds](features.md){.md-button}
+[Get started](install.md){.md-button}
 
 ## Known limitations
 
 * Logical replication is not available as it doesn't work with encrypted tables.
 * Keys in the local keyfile are stored unencrypted.
-* Indexes and `NULL` bitmaps of tuples are currently not encrypted. 
+* System tables are currently not encrypted
 
 <i warning>:material-alert: Warning:</i> Note that introducing encryption/decryption affects performance. Our benchmark tests show less than 10% performance overhead for most situations. However, in some specific applications such as those using JSONB operations, performance degradation might be higher.
 
-[Get started](install.md){.md-button}
-
-## Supported PostgreSQL versions
-
-`pg_tde` is currently based on PostgreSQL 16.0 and supported for Percona Distribution for PostgreSQL 16.x and upstream PostgreSQL 16.x. 
-
-## Future releases
-
-The following is planned for future releases of `pg_tde`:
-
-* Encryption of indexes and `NULL` bitmaps of tuples
-* Logical replication support
-
-
-
 ## Useful links
 
 * [What is Transparent Data Encryption](tde.md)

documentation/docs/release-notes/release-notes.md

@@ -4,6 +4,30 @@
 
 [Get started](../install.md){.md-button}
 
+## Beta 2 ()
+
+With this release, `pg_tde` extension offers two database specific builds:
+
+*  The build for PostgreSQL Community provides only the `tde_heap_basic` access method using which youcan introduce table encryption and WAL encryption for data in the encrypted tables. Index data however,remains unencrypted.
+* The build for [Pecrcona Server for PostgreSQL]() provides the `tde_heap_basic` and the `tde_heap`access methods. The latter enables you to encrypt index data in encrypted tables thus increasing the safety of your sensitive data. Note that this is an experimental functionality; therefore, do not use it on production environments.
+
+The Beta 2 version introduces the following features and improvements:
+
+* You can now enable index encryption for encrypted tables and WAL data for both encrypted and unencrypted table using the `tde_heap` access method. To use this access method, you must install Percona Server for PostgreSQL. Note that this is an experimental access method; therefore, do not use it on production environments.
+* Added event triggers to identify index creation operations on encrypted tables and store those in a custom storage
+* Exposed Storage Manager API and added the usage of Initialization vector (IV) in it. 
+* WAL encryption improvements:
+
+   * Added a global key to encrypt WAL data in global space
+   * Added WAL key management
+
+* Keyring improvements include the following:
+
+    * Renamed functions to point their usage for principal key management
+    * Improved keyring provider management across databases and the global space.
+    * Keyring configuration now uses common JSON API. This simplifies code handling and enables frontend tools like `pg_waldump` to read the code thus improving debugging.
+
+
 ## Beta (2024-06-30)
 
 With this version, the access method for `pg_tde` extension is renamed `tde_heap_basic`. Use this access method name to create tables. Find guidelines in [Test TDE](../test.md) tutorial.

documentation/mkdocs.yml

@@ -155,7 +155,8 @@ extra:
 
 nav:
   - Home: index.md
-  - tde.md
+  - tde.md 
+  - features.md
   - Get started:
     - "Install": "install.md"
     - "Via apt": apt.md