Re: Application Level Encryption - Mailing list pgsql-general

pgosodium currently supports the following approach: you store your Data Encryption Key (DEK) on the local filesystem that is encrypted by the Key Encryption Key (KEK) stored in google's KMS.  When the server boots, pgsodium calls a script "pgsodium_getkey" that can decrypt the DEK via googles REST API (you would have to supply this script), this decrypted key is then stored in server memory, but is not accessible to SQL non-superusers (it is possible with contortions for a superuser to get the key depending on how you set it up).  The decrypted DEK is then used to "derive" keys used by the application by key id.  You only ever store the key ids, never the keys.  You can now encrypt and decrypt data with the given key id.  Keys also have an 8 byte "context" so key 1 in context "tenant01"  is different from key 1 in "tenant02".  You can derive up to bigint keys per context, so you can use a different key id for every row of data, if you want to go that far.  There's an example of that in the docs.

Further steps can include deleting the getkey script and the stored encrypted DEK after server startup.  If the server reboots you must orchestrate how to place those back for startup to procede.

Note that any extension can always access all server memory, so be careful what you install.

I'm working on an approach where the decrypted DEK only lives for the lifetime of a transaction, this means hitting the kms on every transaction that uses keys.  It will be slower, but the time the decrypted key stays in memory would be minimized.

-Michel