Thread: TDE in PostgreSQL
Hello, very hard to find some information about TDE ( Transparent Data Encryption ) in PostgreSQL. Could you answer my question?
1) Do PostgreSQL supported TDE ( Transparent Data Encryption )?
1) Do PostgreSQL supported TDE ( Transparent Data Encryption )?
> Hello, very hard to find some information about TDE ( Transparent Data > Encryption ) in PostgreSQL. Could you answer my question? > 1) Do PostgreSQL supported TDE ( Transparent Data Encryption )? No, which explain why informations are hard to come:-) This is not a bug, but the absence of a feature. Note that encryption can occur at many levels, which level is relevant depends on the threat model: 1. the app can encrypt data in tables 2. the database can encrypt its files 3. the os can encrypt a partition 4. the disks can encrypt their data 1. can be done with a pg extension (ISTM that several exist). 3. depends on the OS (data at rest encryption), 4 depends on the hardware. Some people are working on implementing some form of (2). -- Fabien.
hi …
actually we are trying to push encryption into core …
so far there is no success.
our stuff is working and we use it at many clients already without any issues.
you can download a TDE enabled version of postgres from our website for free:
just ask me directly (hs@cybertec.at) if you got any questions.
many thanks,
hans
On 10.07.2020, at 13:52, Fabien COELHO <coelho@cri.ensmp.fr> wrote:Hello, very hard to find some information about TDE ( Transparent Data
Encryption ) in PostgreSQL. Could you answer my question?
1) Do PostgreSQL supported TDE ( Transparent Data Encryption )?
No, which explain why informations are hard to come:-)
This is not a bug, but the absence of a feature.
Note that encryption can occur at many levels, which level is relevant depends on the threat model:
1. the app can encrypt data in tables
2. the database can encrypt its files
3. the os can encrypt a partition
4. the disks can encrypt their data
1. can be done with a pg extension (ISTM that several exist). 3. depends on the OS (data at rest encryption), 4 depends on the hardware. Some people are working on implementing some form of (2).
--
Fabien.
--Cybertec PostgreSQL International GmbHGröhrmühlgasse 26, A-2700 Wiener Neustadt Web: https://www.cybertec-postgresql.com