Thread: Unified security key management
I know there has been recent discussion about implementing transparent data encryption (TDE) in Postgres:

https://www.postgresql.org/message-id/CAD21AoAqtytk0iH6diCJW24oyJdS4roN-VhrFD53HcNP0s8pzA%40mail.gmail.com

I would like to now post a new extension I developed to handle cryptographic key management in Postgres. It could be used with TDE, with pgcrypto, and with an auto-encrypted data type. It is called pgcryptokey and can be downloaded from:

https://momjian.us/download/pgcryptokey/

I am attaching its README file to this email.

The extension uses two-layer key storage, and stores the key in a Postgres table. It allows the encryption key to be unlocked by the client, or at boot time. (This would need to be modified to be a global table if it was used for block-level encryption like TDE.)

I am willing to continue to develop this extension if there is interest. Should I put it on PGXN eventually? Is it something we would want in /contrib?

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +