Re: [HACKERS] WIP: Data at rest encryption - Mailing list pgsql-hackers

From Antonin Houska
Subject Re: [HACKERS] WIP: Data at rest encryption
Date
Msg-id 11678.1532519255@localhost
Whole thread Raw
In response to Re: [HACKERS] WIP: Data at rest encryption  (Toshi Harada <harada.toshi@po.ntt-tx.co.jp>)
List pgsql-hackers
Toshi Harada <harada.toshi@po.ntt-tx.co.jp> wrote:

> I am interested in a patch of "WIP: Data at rest encryption".
> This patch("data-at-rest-encryption-wip-2018.06.27.patch") is applied to PostgreSQL 11-beta 2 and it is running.
>
> In the explanation of this patch, since "data stored during logical decoding" is written,
> we tried logical decoding by the test_decoding module, but the following error occurs when creating a slot.
>
>
> pgbench_db=# SELECT * FROM pg_create_logical_replication_slot('my_slot', 'test_decoding');
> ERROR:  invalid magic number B419 in log segment 000000020000000000000010, offset 0
> pgbench_db=#

I could not reproduce this error ...

> (Also, if you run "CREATE SUNSCRIPTION" for logical replication from another server, a similar error will occur.)

... but I succeeded for this. The problem was that a separate XLOG reader
callback is used for logical replication and that did not decrypt the XLOG
page. Fixed in the new version of the patch. Do you still see
pg_create_logical_replication_slot() failing?

> Question.
> In "data-at-rest-encryption-wip-2018.06.27.patch", is logical decoding still not implemented?
> Or is there a need for another logical decoding plug-in for "WIP: Data at rest encryption"?

No, there's nothing special about logical decoding.

--
Antonin Houska
Cybertec Schönig & Schönig GmbH
Gröhrmühlgasse 26, A-2700 Wiener Neustadt
Web: https://www.cybertec-postgresql.com


Attachment

pgsql-hackers by date:

Previous
From: Andrey Klychkov
Date:
Subject: Fwd: Re[2]: Alter index rename concurrently to
Next
From: Antonin Houska
Date:
Subject: Re: "WIP: Data at rest encryption" patch and, 2 phase commit.