Re: Transparent Data Encryption (TDE) and encrypted files - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Transparent Data Encryption (TDE) and encrypted files
Date
Msg-id 20191002013950.GA28879@momjian.us
Whole thread Raw
In response to Transparent Data Encryption (TDE) and encrypted files  (Bruce Momjian <bruce@momjian.us>)
List pgsql-hackers
On Mon, Sep 30, 2019 at 05:26:33PM -0400, Bruce Momjian wrote:
> For full-cluster Transparent Data Encryption (TDE), the current plan is
> to encrypt all heap and index files, WAL, and all pgsql_tmp (work_mem
> overflow).  The plan is:
> 
>     https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#TODO_for_Full-Cluster_Encryption
> 
> We don't see much value to encrypting vm, fsm, pg_xact, pg_multixact, or
> other files.  Is that correct?  Do any other PGDATA files contain user
> data?

Oh, there is also consideration that the pg_replslot directory might
also contain user data.

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +



pgsql-hackers by date:

Previous
From: Thomas Munro
Date:
Subject: Re: Peripatus: Can someone look?
Next
From: Larry Rosenman
Date:
Subject: Re: Peripatus: Can someone look?