Home > mailing lists

Re: [HACKERS] WIP: Data at rest encryption - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: [HACKERS] WIP: Data at rest encryption
Date	June 15, 2017 03:36:16
Msg-id	9cea5160-c64b-0b9e-d4b7-c57db2a696be@2ndquadrant.com Whole thread Raw
In response to	Re: [HACKERS] WIP: Data at rest encryption (Stephen Frost <sfrost@snowman.net>)
Responses	Re: [HACKERS] WIP: Data at rest encryption (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

On 6/13/17 18:11, Stephen Frost wrote:
>> Let's see a proposal in those terms then.  How easy can you make it,
>> compared to existing OS-level solutions, and will that justify the
>> maintenance overhead?
> From the original post on this thread, which included a WIP patch:
> 
> ----------------------------------
> Usage
> =====
> 
> Set up database like so:
> 
>     (read -sp "Postgres passphrase: " PGENCRYPTIONKEY; echo;
>      export PGENCRYPTIONKEY
>      initdb -k -K pgcrypto $PGDATA )
> 
> Start PostgreSQL:
> 
>     (read -sp "Postgres passphrase: " PGENCRYPTIONKEY; echo;
>      export PGENCRYPTIONKEY
>      postgres $PGDATA )
> ----------------------------------

Relying on environment variables is clearly pretty crappy.  So if that's
the proposal, then I think it needs to be better.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

pgsql-hackers by date:

From: Peter Eisentraut
Date: 15 June 2017, 03:32:06
Subject: Re: [HACKERS] WIP: Data at rest encryption

From: Stephen Frost
Date: 15 June 2017, 03:41:19
Subject: Re: [HACKERS] WIP: Data at rest encryption

Re: [HACKERS] WIP: Data at rest encryption - Mailing list pgsql-hackers

Previous

Next