At rest data must be encrypted with a unique client key
Any thoughts on how to pull this off for PostgreSQL stored data?
I looked at this a while ago because I have clients who might require this in the future. ISTM you should be able to have your PG data directory stored on an encrypted filesystem. I believe this will decrease performance, but I have no idea by how much.
Does anyone else have experience with such a setup, or knowledge of how bad the performance hit might be? Or other factors to take into consideration? Thanks.