Home > mailing lists

Re: WIP: Data at rest encryption - Mailing list pgsql-hackers

From	Michael Paquier
Subject	Re: WIP: Data at rest encryption
Date	June 13, 2016 08:17:35
Msg-id	CAB7nPqRdw9bbtwo9z7m8SbueXvXqvrj-iSZ=TktOH=BufzEKmg@mail.gmail.com Whole thread Raw
In response to	Re: WIP: Data at rest encryption (Ants Aasma <ants.aasma@gmail.com>)
Responses	Re: WIP: Data at rest encryption (Ants Aasma <ants.aasma@eesti.ee>)
List	pgsql-hackers

Tree view

On Sun, Jun 12, 2016 at 4:13 PM, Ants Aasma <ants.aasma@gmail.com> wrote:
>> I feel separate file is better to include the key data instead of pg_control
>> file.
>
> I guess that would be more flexible. However I think at least the fact
> that the database is encrypted should remain in the control file to
> provide useful error messages for faulty backup procedures.

Another possibility could be always to do some encryption at data-type
level for text data. For example I recalled the following thing while
going through this thread:
https://github.com/nec-postgres/tdeforpg
Though I don't quite understand the use for encrypt.enable in this
code... This has the advantage to not patch upstream.
-- 
Michael

pgsql-hackers by date:

From: Vladimir Borodin
Date: 13 June 2016, 07:58:37
Subject: Re: [PERFORM] 9.4 -> 9.5 regression with queries through pgbouncer on RHEL 6

From: David Rowley
Date: 13 June 2016, 08:36:02
Subject: Re: ERROR: ORDER/GROUP BY expression not found in targetlist

Re: WIP: Data at rest encryption - Mailing list pgsql-hackers

Previous

Next