Thread: Unified security key managment

Unified security key managment

From

Bruce Momjian

Date:

22 February 2019, 06:58:16

I know there has been recent discussion about implementing transparent
data encryption (TDE) in Postgres:

    https://www.postgresql.org/message-id/CAD21AoAqtytk0iH6diCJW24oyJdS4roN-VhrFD53HcNP0s8pzA%40mail.gmail.com

I would like to now post a new extension I developed to handle
cryptographic key management in Postgres.  It could be used with TDE,
with pgcrypto, and with an auto-encrypted data type.  It is called
pgcryptokey and can be downloaded from:

    https://momjian.us/download/pgcryptokey/

I am attaching its README file to this email.

The extension uses two-layer key storage, and stores the key in a
Postgres table.  It allows the encryption key to be unlocked by the
client, or at boot time.  (This would need to be modified to be a global
table if it was used for block-level encryption like TDE.)

I am willing to continue to develop this extension if there is interest.
Should I put it on PGXN eventually?  It is something we would want in
/contrib?

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +

Attachment

README