Home > mailing lists

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS) - Mailing list pgsql-hackers

From	Joe Conway
Subject	Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)
Date	June 16, 2019 19:42:55
Msg-id	e00518eb-5188-2433-679c-6c4da8e26218@joeconway.com Whole thread Raw
In response to	Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS) (Bruce Momjian <bruce@momjian.us>)
Responses	Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS) Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)
List	pgsql-hackers

Tree view

On 6/16/19 9:45 AM, Bruce Momjian wrote:
> On Sun, Jun 16, 2019 at 07:07:20AM -0400, Joe Conway wrote:
>> In any case it doesn't address my first point, which is limiting the
>> volume encrypted with the same key. Another valid reason is you might
>> have data at varying sensitivity levels and prefer different keys be
>> used for each level.
>
> That seems quite complex.


How? It is no more complex than encrypting at the tablespace level
already gives you - in that case you get this property for free if you
care to use it.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

Attachment

signature.asc

pgsql-hackers by date:

From: Corey Huinker
Date: 16 June 2019, 18:47:45
Subject: Re: Extracting only the columns needed for a query

From: Joe Conway
Date: 16 June 2019, 19:45:13
Subject: Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS) - Mailing list pgsql-hackers

Attachment

Previous

Next