Re: Key management with tests - Mailing list pgsql-hackers

From Tom Kincaid
Subject Re: Key management with tests
Msg-id CAKPRjUO9tp+mFtVks0v9Z+GqnevAUgKg7=x5MjrhFb2GpantNw@mail.gmail.com
In response to Re: Key management with tests  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Key management with tests  ("Moon, Insung" <tsukiwamoon.pgsql@gmail.com>)
Re: Key management with tests  (Bruce Momjian <bruce@momjian.us>)
List pgsql-hackers

Thanks Stephen, Bruce and Masahiko,


> discussions so far and the point behind the design so that everyone
> can understand why this feature is designed in that way. To do that,
> it might be a good start to sort the wiki page since it has data
> encryption part, KMS, and ToDo mixed.

> I hope it's pretty clear that I'm also very much in support of both this
> effort with the KMS and of TDE in general- TDE is specifically,
> repeatedly, called out as a capability whose lack is blocking PG from
> being able to be used for certain use-cases that it would otherwise be
> well suited for, and that's really unfortunate.

It is clear you are supportive.

As you know, I share your point of view that PG adoption is suffering for certain use cases because it does not have TDE.

> I appreciate the recent discussion and reviews of the KMS in particular,
> and of the patches which have been sent enabling TDE based on the KMS
> patches.  Having them be relatively independent seems to be an ongoing
> concern and perhaps we should figure out a way to more clearly put them
> together.  That is- the KMS patches have been posted on one thread, and
> TDE PoC patches which use the KMS patches have been on another thread,
> leading some to not realize that there's already been TDE PoC work done
> based on the KMS patches.  Seems like it might make sense to get one
> patch set which goes all the way from the KMS and includes the TDE PoC,
> even if they don't all go in at once.

Sounds good, thanks Masahiko, let's see if we can get consensus on the approach for moving this forward; see below.

> together, as a few on this thread have voiced, but there's no doubt that
> this is a large project and it's hard to see how we could possibly
> commit all of it at once.

I propose that we meet to discuss what approach we want to use to move TDE forward.  We then start a new thread with a proposal on the approach and finalize it via community consensus. I will invite Bruce, Stephen and Masahiko to this meeting. If anybody else would like to participate in this discussion and subsequently in the effort to get TDE in PG1x, please let me know. Assuming Bruce, Stephen and Masahiko are down for this, I (or a volunteer from this meeting) will post the proposal for how we move this patch forward in another thread. Hopefully, we can get consensus on that and subsequently restart the execution of delivering this feature.

> Thanks!
>
> Stephen

--
Thomas John Kincaid