Re: Would PostgreSQL 16 native transparent data encryption support database level encryption? - Mailing list pgsql-general

From Stephen Frost
Subject Re: Would PostgreSQL 16 native transparent data encryption support database level encryption?
Date
Msg-id ZGZKN0fQORPPNqc5@tamriel.snowman.net
Whole thread Raw
In response to Would PostgreSQL 16 native transparent data encryption support database level encryption?  (Tony Xu <tony.xu@rubrik.com>)
Responses Re: Would PostgreSQL 16 native transparent data encryption support database level encryption?
Re: Would PostgreSQL 16 native transparent data encryption support database level encryption?
List pgsql-general
Greetings,

* Tony Xu (tony.xu@rubrik.com) wrote:
> The FAQ (copied below) mentioned that native transparent data encryption
> might be included in 16. Is it fair to assume that it will support database
> level encryption, that is, we can use two encryption keys for two databases
> in the same server, respectively? How can one verify that?

The current work to include TDE in PG isn't contemplating a per-database
key option.  What's the use-case for that?  Why do you feel that you'd
need two independent keys?  Also, the general idea currently is that
we'll have one key provided by the user which will be a KEK and then
multiple DEKs (different ones for relation data vs. temporary data vs.
the WAL).

If you're interested in TDE in PG, we could certainly use more folks
being involved and working to push it forward.

Thanks,

Stephen

Attachment

pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: JSONB operator unanticipated behaviour
Next
From: Adrian Klaver
Date:
Subject: Re: JSONB operator unanticipated behaviour