Re: Moving forward with TDE - Mailing list pgsql-hackers

From Chris Travers
Subject Re: Moving forward with TDE
Date
Msg-id 170279465004.2631682.1886882000695050104.pgcf@coridan.postgresql.org
Whole thread Raw
In response to Re: Moving forward with TDE [PATCH v3]  (David Christensen <david.christensen@crunchydata.com>)
Responses Re: Moving forward with TDE
List pgsql-hackers
Hi,

I was re-reading the patches here  and there was one thing I didn't understand.

There are provisions for a separation of data encryption keys for primary and replica I see, and these share a single
WALkey.
 

But if I am setting up a replica from the primary, and the primary is already encrypted, then do these forceably share
thesame data encrypting keys?  Is there a need to have (possibly in a follow-up patch) an ability to decrypt and
re-encryptin pg_basebackup (which would need access to both keys) or is this handled already and I just missed it?
 

Best Wishes,
Chris Travers

pgsql-hackers by date:

Previous
From: Alexander Lakhin
Date:
Subject: Re: [PoC] pg_upgrade: allow to upgrade publisher node
Next
From: Andy Fan
Date:
Subject: Re: Is a clearer memory lifespan for outerTuple and innerTuple useful?