Re: Moving forward with TDE - Mailing list pgsql-hackers

From Chris Travers
Subject Re: Moving forward with TDE
Date
Msg-id 170279465004.2631682.1886882000695050104.pgcf@coridan.postgresql.org
In response to Re: Moving forward with TDE [PATCH v3]  (David Christensen <david.christensen@crunchydata.com>)
Responses Re: Moving forward with TDE  (Bruce Momjian <bruce@momjian.us>)
List pgsql-hackers
Hi,

I was re-reading the patches here and there was one thing I didn't understand.

There are provisions for a separation of data encryption keys for primary and replica I see, and these share a single
WAL key.

But if I am setting up a replica from the primary, and the primary is already encrypted, then do these forcibly share
the same data encrypting keys?  Is there a need to have (possibly in a follow-up patch) an ability to decrypt and
re-encrypt in pg_basebackup (which would need access to both keys) or is this handled already and I just missed it?

Best Wishes,
Chris Travers
