Home > mailing lists

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) - Mailing list pgsql-hackers

From	Antonin Houska
Subject	Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Date	June 17, 2019 16:56:15
Msg-id	4262.1560779775@localhost Whole thread Raw
In response to	Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) (Antonin Houska <ah@cybertec.at>)
List	pgsql-hackers

Tree view

Antonin Houska <ah@cybertec.at> wrote:

> Masahiko Sawada <sawada.mshk@gmail.com> wrote:
> 
> > The cluster-wide TDE eventually encrypts SLRU data and all WAL
> > including non-user data related WAL while table/tablespace TDE doesn't
> > unless we develop such functionality. In addition, the cluster-wide
> > TDE also encrypts system catalogs but in table/tablespace TDE user
> > would be able to control that somewhat. That is, if we developed the
> > cluster-wide TDE first, when we develop table/tablespace TDE on top of
> > that we would need to change TDE so that table/tablespace TDE can
> > encrypt even non-user data related data while retaining its simple
> > user interface, which would rather make the feature complex, I'm
> > concerned.
> 
> Isn't this only a problem of pg_upgrade?

Sorry, this is not a use case for pg_upgrade. Rather it's about a separate
encryption/decryption utility.

-- 
Antonin Houska
Web: https://www.cybertec-postgresql.com

pgsql-hackers by date:

From: Michael Paquier
Date: 17 June 2019, 16:44:46
Subject: Re: pg_log_fatal vs pg_log_error

From: Robert Haas
Date: 17 June 2019, 16:59:50
Subject: Re: POC: Cleaning up orphaned files using undo logs

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) - Mailing list pgsql-hackers

Previous

Next