fixes docs and missing initdb help option for commit 978f869b99

Reported-by: Erik Rijkers Discussion: https://postgr.es/m/a27e7bb60fc4c4a1fe960f7b055ba822@xs4all.nl Backpatch-through: master
2020-12-25 14:00:12 -05:00 · 2020-12-25 14:00:12 -05:00 · 26d60f2a6c
commit 26d60f2a6c
parent 08db7c63f3
2 changed files with 6 additions and 4 deletions
--- a/doc/src/sgml/database-encryption.sgml
+++ b/doc/src/sgml/database-encryption.sgml
@ -13,7 +13,7 @@
  log from being able to access the data stored in those files.
  For example, when using cluster file encryption, users who have read
  access to the cluster directories for backup purposes will not be able
-  to decrypt the data stored in the these files.
+  to decrypt the data stored in these files.
 </para>

 <para>
@ -24,7 +24,7 @@
  Key one is used to encrypt write-ahead log (WAL) files.  Two different
  keys are used so that primary and standby servers can use different zero
  (heap/index/temp) keys, but the same one (WAL) key, so that these keys
-  can eventually be rotated by switching the primary to the standby as
+  can eventually be rotated by switching the primary to the standby
  and then changing the WAL key.
 </para>

@ -68,7 +68,7 @@ initdb -D dbname --cluster-key-command='ckey_passphrase.sh'
   During the <command>initdb</command> process, if
   <option>--cluster-key-command</option> is specified, two data-level
   encryption keys are created.   These two keys are then encrypted with
-   the key enryption key (KEK) supplied by the cluster key command before
+   the key encryption key (KEK) supplied by the cluster key command before
   being stored in the database directory.  The key or passphrase that
   derives the key must be supplied from the terminal or stored in a
   trusted key store, such as key vault software, hardware security module.
@ -87,7 +87,7 @@ initdb -D dbname --cluster-key-command='ckey_passphrase.sh'
  </para>

  <para>
-   The data encryption keys are randomly generated and are of 128, 192,
+   The data encryption keys are randomly generated and are 128, 192,
   or 256-bits in length.  They are encrypted by the key encryption key
   (KEK) using Advanced Encryption Standard (<acronym>AES256</acronym>)
   encryption in Galois/Counter Mode (<acronym>GCM</acronym>), which also
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@ -2326,6 +2326,8 @@ usage(const char *progname)
 	printf(_("  -R, --authprompt          prompt for a passphrase or PIN\n"));
 	printf(_("  -s, --show                show internal settings\n"));
 	printf(_("  -S, --sync-only           only sync data directory\n"));
+	printf(_("  -u, --copy-encryption-keys=DATADIR\n"
+			 "                            copy the file encryption key from another cluster\n"));
 	printf(_("\nOther options:\n"));
 	printf(_("  -V, --version             output version information, then exit\n"));
 	printf(_("  -?, --help                show this help, then exit\n"));