Re: [PoC] run SQL over ciphertext - Mailing list pgsql-hackers

From Giampaolo Capelli
Subject Re: [PoC] run SQL over ciphertext
Msg-id CAJ=H7uypkNz2-vMu1Bi9+gSWg6hN+OBLXHwGvsOE1ELR+T43Gw@mail.gmail.com
In response to [PoC] run SQL over ciphertext  (Mingyu Li <lmy2010lmy@gmail.com>)
Responses Re: [PoC] run SQL over ciphertext
List pgsql-hackers
Hello,
I think this is a very interesting topic, especially for European companies where data sovereignty in the cloud has become critical.

If I understand correctly, the idea is to split users into 'client users' who can see data unencrypted, and 'server users', who are administrators unable to decrypt data.

A few questions:
- How are secrets managed? Do you use a sort of vault to keep encryption keys? Is there a master key to encrypt session keys?
- What about performance? Is it possible to use indexes on encrypted columns?


Hi all,

We have developed an extension, allowing PostgreSQL to run queries over encrypted data. This functionality is achieved via user-defined functions that extend encrypted data types and support commonly used expression operations. Our tests validated its effectiveness with TPC-C and TPC-H benchmarks. You may find the code here: https://github.com/SJTU-IPADS/HEDB.

This PoC is a reimplementation fork while collaborating with a cloud database company; the aim is to enable their DBAs to manage databases without the risk of data leaks, meeting the requirements of laws such as GDPR.

I am wondering if anyone thinks this is a nice feature. If so, I am curious about the steps to further mature it and potentially have it incorporated as a part of PostgreSQL contrib.

Best regards,
Mingyu Li


--
best regards
Giampaolo Capelli
