On Tue, Feb 1, 2022 at 12:50 Bruce Momjian <bruce@momjian.us> wrote:
On Tue, Feb 1, 2022 at 07:45:06AM +0100, Antonin Houska wrote: > > With pg_upgrade modified to preserve the relfilenode, tablespace oid, and > > database oid, we are now closer to implementing cluster file encryption > > using XTS. I think we have a few steps left: > > > > 1. modify temporary file I/O to use a more centralized API > > 2. modify the existing cluster file encryption patch to use XTS with a > > IV that uses more than the LSN > > 3. add XTS regression test code like CTR > > 4. create WAL encryption code using CTR > > > > If we can do #1 in PG 15 I think I can have #2 ready for PG 16 in July. > > The feature wiki page is: > > > > https://wiki.postgresql.org/wiki/Transparent_Data_Encryption > > > > Do people want to advance this feature forward? > > I confirm that we (Cybertec) do and that we're ready to spend more time on the > community implementation.
Well, I sent an email a week ago asking if people want to advance this feature forward, and so far you are the only person to reply, which I think means there isn't enough interest in this feature to advance it.
This confuses me. Clearly there’s plenty of interest, but asking on hackers in a deep old sub thread isn’t a terribly good way to judge that. Yet even when there is an active positive response, you argue that there isn’t enough.
In general, I agree that the items you laid out are what the next steps are. There are patches for some of those items already too and some of them, such as consolidating the temporary file access, are beneficial even without the potential to use them for encryption.
Instead of again asking if people want this feature (many, many, many do), I’d encourage Antonin to start a new thread with the patch to do the temporary file access consolidation which then provides a buffered access and reduces the number of syscalls and work towards getting that committed, ideally as part of this release.
