On 8/3/21 8:43 AM, Luca Ferrari wrote:
> On Tue, Aug 3, 2021 at 1:03 PM Vikas Sharma <shavikas@gmail.com> wrote:
>> My question is, can I use the gpg public/secret key instead of the 'Secret password' in above
PGP_Sym_encrypt/decrypt? I can create a wrapper function to read the public/secret keys to hide it from appearing as
cleartext.
>
> I think you are looking for something like:
>
> pgp_pub_encrypt( clear_text,
> dearmor( '-----BEGIN PGP PUBLIC KEY BLOCK-----
> ...
> -----END PGP PUBLIC KEY BLOCK-----' ) );
>
>
>>
>> still researching how to encrypt a column with sensitive data as a best practice to use in OLTP production with
minimalimpact on performance.
>
> Clearly, as you add more stuff to do, performances will be lower. I
> strongly recommend you to analyze if column encryption is really what
> you need for your purposes, because in my little experience it is
> often too much work with regard to other approaches (e.g., disk and
> backup encryption).
Generally agreed. This topic is vast and complex and probably beyond
what most people want to discuss by typing (at least for me) ;-)
That said, you might find this extension written by Bruce Momjian useful:
https://momjian.us/download/pgcryptokey/
HTH,
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
