Postgres Pro
Downloads
Home   >   mailing lists

Thread: PostGreSQL TDE encryption patch

PostGreSQL TDE encryption patch

From
"Bhalodiya, Chirag"
Date:
Hi,

We are migrating our product to PostGreSQL from Oracle and as part of HIPPA(https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act) guidelines, we have a requirement to encrypt entire tablespace/specific tables using Transparent data encryption(TDE).

I was looking at TDE solution in PostGreSQL and went through following wiki:
https://wiki.postgresql.org/wiki/Transparent_Data_Encryption 

I found following TDE patch from this wiki:  
https://www.postgresql.org/message-id/CAD21AoBjrbxvaMpTApX1cEsO%3D8N%3Dnc2xVZPB0d9e-VjJ%3DYaRnw%40mail.gmail.com  

However, I am not sure how to apply this patch and I had the following questions:
1. We are using PostGreSQL 12. Is it possible to apply patches on top of existing PostGreSQL installation?
2. Will it be available anytime sooner with a major release like PostGreSQL 13? 

Regards,
Chirag.

RE: PostGreSQL TDE encryption patch

From
Patrick FICHE
Date:

Hi

 

CYBERTEC provided good installation guide (https://www.cybertec-postgresql.com/en/products/postgresql-transparent-data-encryption/).

 

Here is their answer to your question :

Q: Can I upgrade to an encrypted database?
A: In place encryption of existing clusters is currently not supported. A dump and reload to an encrypted instance is required, or logical replication can be used to perform the migration online.

 

Regards,

 

Patrick Fiche

Database Engineer, Aqsacom Sas.

c. 33 6 82 80 69 96

 

01-03_AQSA_Main_Corporate_Logo_JPEG_White_Low.jpg

 

From: Bhalodiya, Chirag <chirag.bhalodiya@contractors.roche.com>
Sent: Thursday, June 25, 2020 9:50 AM
To: pgsql-general@postgresql.org
Subject: PostGreSQL TDE encryption patch

 

Hi,

 

We are migrating our product to PostGreSQL from Oracle and as part of HIPPA(https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act) guidelines, we have a requirement to encrypt entire tablespace/specific tables using Transparent data encryption(TDE).

 

I was looking at TDE solution in PostGreSQL and went through following wiki:

 

I found following TDE patch from this wiki:  

 

However, I am not sure how to apply this patch and I had the following questions:

1. We are using PostGreSQL 12. Is it possible to apply patches on top of existing PostGreSQL installation?

2. Will it be available anytime sooner with a major release like PostGreSQL 13? 

 

Regards,

Chirag.

Attachment

Re: PostGreSQL TDE encryption patch

From
"Bhalodiya, Chirag"
Date:
Hi Patrick,

Thanks for the information. I was looking for out of box postgre solution so wanted to know how to apply following patch on top of my postgre 12 installation:


Regards,
Chirag.  

On Thu, Jun 25, 2020 at 3:33 PM Patrick FICHE <Patrick.Fiche@aqsacom.com> wrote:

Hi

 

CYBERTEC provided good installation guide (https://www.cybertec-postgresql.com/en/products/postgresql-transparent-data-encryption/).

 

Here is their answer to your question :

Q: Can I upgrade to an encrypted database?
A: In place encryption of existing clusters is currently not supported. A dump and reload to an encrypted instance is required, or logical replication can be used to perform the migration online.

 

Regards,

 

Patrick Fiche

Database Engineer, Aqsacom Sas.

c. 33 6 82 80 69 96

 

01-03_AQSA_Main_Corporate_Logo_JPEG_White_Low.jpg

 

From: Bhalodiya, Chirag <chirag.bhalodiya@contractors.roche.com>
Sent: Thursday, June 25, 2020 9:50 AM
To: pgsql-general@postgresql.org
Subject: PostGreSQL TDE encryption patch

 

Hi,

 

We are migrating our product to PostGreSQL from Oracle and as part of HIPPA(https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act) guidelines, we have a requirement to encrypt entire tablespace/specific tables using Transparent data encryption(TDE).

 

I was looking at TDE solution in PostGreSQL and went through following wiki:

 

I found following TDE patch from this wiki:  

 

However, I am not sure how to apply this patch and I had the following questions:

1. We are using PostGreSQL 12. Is it possible to apply patches on top of existing PostGreSQL installation?

2. Will it be available anytime sooner with a major release like PostGreSQL 13? 

 

Regards,

Chirag.

Attachment

Re: PostGreSQL TDE encryption patch

From
Bruce Momjian
Date:
On Thu, Jun 25, 2020 at 04:20:06PM +0530, Bhalodiya, Chirag wrote:
> Hi Patrick,
> 
> Thanks for the information. I was looking for out of box postgre solution so
> wanted to know how to apply following patch on top of my postgre 12
> installation:
> https://www.postgresql.org/message-id/
> CAD21AoBjrbxvaMpTApX1cEsO%3D8N%3Dnc2xVZPB0d9e-VjJ%3DYaRnw%40mail.gmail.com  

The patch is for developers and not for production use.

---------------------------------------------------------------------------


> 
> 
> Regards,
> Chirag.  
> 
> On Thu, Jun 25, 2020 at 3:33 PM Patrick FICHE <Patrick.Fiche@aqsacom.com>
> wrote:
> 
> 
>     Hi
> 
>      
> 
>     CYBERTEC provided good installation guide (https://
>     www.cybertec-postgresql.com/en/products/
>     postgresql-transparent-data-encryption/).
> 
>      
> 
>     Here is their answer to your question :
> 
>     Q: Can I upgrade to an encrypted database?
>     A: In place encryption of existing clusters is currently not supported. A
>     dump and reload to an encrypted instance is required, or logical
>     replication can be used to perform the migration online.
> 
>      
> 
>     Regards,
> 
>      
> 
>     Patrick Fiche
> 
>     Database Engineer, Aqsacom Sas.
> 
>     c. 33 6 82 80 69 96
> 
>      
> 
>     01-03_AQSA_Main_Corporate_Logo_JPEG_White_Low.jpg
> 
>      
> 
>     From: Bhalodiya, Chirag <chirag.bhalodiya@contractors.roche.com>
>     Sent: Thursday, June 25, 2020 9:50 AM
>     To: pgsql-general@postgresql.org
>     Subject: PostGreSQL TDE encryption patch
> 
>      
> 
>     Hi,
> 
>      
> 
>     We are migrating our product to PostGreSQL from Oracle and as part of HIPPA
>     (https://en.wikipedia.org/wiki/
>     Health_Insurance_Portability_and_Accountability_Act) guidelines, we have a
>     requirement to encrypt entire tablespace/specific tables using Transparent
>     data encryption(TDE).
> 
>      
> 
>     I was looking at TDE solution in PostGreSQL and went through following
>     wiki:
> 
>     https://wiki.postgresql.org/wiki/Transparent_Data_Encryption 
> 
>      
> 
>     I found following TDE patch from this wiki:  
> 
>     https://www.postgresql.org/message-id/
>     CAD21AoBjrbxvaMpTApX1cEsO%3D8N%3Dnc2xVZPB0d9e-VjJ%3DYaRnw%40mail.gmail.com
>       
> 
>      
> 
>     However, I am not sure how to apply this patch and I had the
>     following questions:
> 
>     1. We are using PostGreSQL 12. Is it possible to apply patches on top of
>     existing PostGreSQL installation?
> 
>     2. Will it be available anytime sooner with a major release like PostGreSQL
>     13? 
> 
>      
> 
>     Regards,
> 
>     Chirag.
> 



-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee

Re: PostGreSQL TDE encryption patch

From
"Bhalodiya, Chirag"
Date:
Ok, thanks for the clarification. 

On Thu, Jun 25, 2020 at 11:35 PM Bruce Momjian <bruce@momjian.us> wrote:
On Thu, Jun 25, 2020 at 04:20:06PM +0530, Bhalodiya, Chirag wrote:
> Hi Patrick,
>
> Thanks for the information. I was looking for out of box postgre solution so
> wanted to know how to apply following patch on top of my postgre 12
> installation:
> https://www.postgresql.org/message-id/
> CAD21AoBjrbxvaMpTApX1cEsO%3D8N%3Dnc2xVZPB0d9e-VjJ%3DYaRnw%40mail.gmail.com  

The patch is for developers and not for production use.

---------------------------------------------------------------------------


>
>
> Regards,
> Chirag.  
>
> On Thu, Jun 25, 2020 at 3:33 PM Patrick FICHE <Patrick.Fiche@aqsacom.com>
> wrote:
>
>
>     Hi
>
>      
>
>     CYBERTEC provided good installation guide (https://
>     www.cybertec-postgresql.com/en/products/
>     postgresql-transparent-data-encryption/).
>
>      
>
>     Here is their answer to your question :
>
>     Q: Can I upgrade to an encrypted database?
>     A: In place encryption of existing clusters is currently not supported. A
>     dump and reload to an encrypted instance is required, or logical
>     replication can be used to perform the migration online.
>
>      
>
>     Regards,
>
>      
>
>     Patrick Fiche
>
>     Database Engineer, Aqsacom Sas.
>
>     c. 33 6 82 80 69 96
>
>      
>
>     01-03_AQSA_Main_Corporate_Logo_JPEG_White_Low.jpg
>
>      
>
>     From: Bhalodiya, Chirag <chirag.bhalodiya@contractors.roche.com>
>     Sent: Thursday, June 25, 2020 9:50 AM
>     To: pgsql-general@postgresql.org
>     Subject: PostGreSQL TDE encryption patch
>
>      
>
>     Hi,
>
>      
>
>     We are migrating our product to PostGreSQL from Oracle and as part of HIPPA
>     (https://en.wikipedia.org/wiki/
>     Health_Insurance_Portability_and_Accountability_Act) guidelines, we have a
>     requirement to encrypt entire tablespace/specific tables using Transparent
>     data encryption(TDE).
>
>      
>
>     I was looking at TDE solution in PostGreSQL and went through following
>     wiki:
>
>     https://wiki.postgresql.org/wiki/Transparent_Data_Encryption 
>
>      
>
>     I found following TDE patch from this wiki:  
>
>     https://www.postgresql.org/message-id/
>     CAD21AoBjrbxvaMpTApX1cEsO%3D8N%3Dnc2xVZPB0d9e-VjJ%3DYaRnw%40mail.gmail.com
>       
>
>      
>
>     However, I am not sure how to apply this patch and I had the
>     following questions:
>
>     1. We are using PostGreSQL 12. Is it possible to apply patches on top of
>     existing PostGreSQL installation?
>
>     2. Will it be available anytime sooner with a major release like PostGreSQL
>     13? 
>
>      
>
>     Regards,
>
>     Chirag.
>



--
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee