Re: Will PostgreSQL 16 supports native transparent data encryption ? - Mailing list pgsql-general

From Ron
Subject Re: Will PostgreSQL 16 supports native transparent data encryption ?
Date
Msg-id d99415a7-0b18-e3b4-8e83-a2f7c85ee079@gmail.com
Whole thread Raw
In response to Re: Will PostgreSQL 16 supports native transparent data encryption ?  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Will PostgreSQL 16 supports native transparent data encryption ?
List pgsql-general
On 8/24/23 14:08, Stephen Frost wrote:
> Greetings,
>
> * Ron (ronljohnsonjr@gmail.com) wrote:
>> On 8/21/23 18:49, Bruce Momjian wrote:
>>> On Mon, Aug 21, 2023 at 07:02:46PM +0300, Mostafa Fathy wrote:
>>>> It is mentioned here https://www.postgresql.org/about/press/faq/#:~:text=
>>>> Q%3A%20What%20features%20will%20PostgreSQL%2016%20have%3F that native
>>>> transparent data encryption is being worked on and it may be delivered with
>>>> PostgreSQL 16.
>>>>
>>>> Is PostgreSQL 16 beta version includes native transparent data encryption or
>>>> not ? because I checked the docs https://www.postgresql.org/docs/16/index.html
>>>> and couldn't find anything related to transparent data encryption.
>>>>
>>>> If not supported yet in the beta version I would like to know if PostgreSQL 16
>>>> final version will support native transparent data encryption or not?
>>> Not, PG 16 will not support it, and I am unclear if later major versions
>>> will either.
>> That's disappointing, since TDE makes PCI audits that much simpler.
> There's ongoing work happening for TDE support and we'd love to hear
> from folks who would like to see it included.

PgBackRest currently encrypts it's binary backups.

1. What kind of encryption would there be?  AES256 makes the auditors happy.
2. Would TDE-enabled pg_dump create encrypted dump files?
3. Would TDE obviate the need for PgBackRest's encryption?
4. How would encrypted "pg_dump --format=plain" work?  Or could it only work 
with the other formats (which is fine by me)?

>    You can expect an updated patch set for the September commitfest.

For that which will be Pg 17?

> Getting more folks to test it
> and use it and review it would certainly help move it forward.

By any chance, will binaries be created after the September commitfest?  
(Hoops must be jumped through to get development packages installed on the 
database servers I have access to, but I'd jump through them if needed.)

-- 
Born in Arizona, moved to Babylonia.



pgsql-general by date:

Previous
From: duc hiep ha
Date:
Subject: Re: ora2pg -c ora2pg.conf -t COPY -a tablename not working properly
Next
From: pan snowave
Date:
Subject: ident auth does not works as usual