Thread: TDE in PostgreSQL

TDE in PostgreSQL

From
Євген Панченко
Date:
Hello, very hard to find some information about TDE (Transparent Data Encryption) in PostgreSQL. Could you answer my question?
1) Does PostgreSQL support TDE (Transparent Data Encryption)?

Re: TDE in PostgreSQL

From
Fabien COELHO
Date:
> Hello, very hard to find some information about TDE (Transparent Data
> Encryption) in PostgreSQL. Could you answer my question?
> 1) Does PostgreSQL support TDE (Transparent Data Encryption)?

No, which explains why information is hard to come by :-)

This is not a bug, but the absence of a feature.

Note that encryption can occur at many levels; which level is relevant 
depends on the threat model:
  1. the app can encrypt data in tables
  2. the database can encrypt its files
  3. the os can encrypt a partition
  4. the disks can encrypt their data

1. can be done with a pg extension (ISTM that several exist). 3. depends 
on the OS (data at rest encryption), 4. depends on the hardware. Some 
people are working on implementing some form of (2).

-- 
Fabien.
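
Level 1 from the list above, as an added example that is not part of the original thread: column encryption with the pgcrypto contrib extension (an assumption, since the post names no extension). The table, column names and all values are constructed for illustration.

```sql
-- Added example; pgcrypto is an assumed choice of extension.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE patient (
    id        bigserial PRIMARY KEY,
    name      text  NOT NULL,   -- left in cleartext, still indexable
    diagnosis bytea NOT NULL    -- OpenPGP message produced by pgcrypto
);

-- The application passes the passphrase as a bind parameter ($3);
-- it is never stored in the database.
PREPARE add_patient(text, text, text) AS
    INSERT INTO patient (name, diagnosis)
    VALUES ($1, pgp_sym_encrypt($2, $3, 'cipher-algo=aes256'));

-- Constructed sample rows with identical plaintext.
EXECUTE add_patient('sample-a', 'constructed diagnosis', 'constructed-passphrase');
EXECUTE add_patient('sample-b', 'constructed diagnosis', 'constructed-passphrase');

-- What a reader of the table, a dump, or the data files sees: ciphertext only.
-- The two rows differ even though the plaintext is the same (random salt and
-- session data), so equality search and indexing on this column do not work.
SELECT id, name, left(encode(diagnosis, 'hex'), 32) AS ciphertext_prefix
FROM patient;

-- Reading requires the passphrase again.
PREPARE read_patient(bigint, text) AS
    SELECT name, pgp_sym_decrypt(diagnosis, $2) AS diagnosis
    FROM patient
    WHERE id = $1;

EXECUTE read_patient(1, 'constructed-passphrase');

-- A wrong passphrase raises an error instead of returning garbage:
-- EXECUTE read_patient(1, 'not-the-passphrase');
```

With pgcrypto the passphrase and plaintext reach the server unencrypted and can show up in statement logs, so this level covers someone reading data files or backups, not someone who controls the database server.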



Re: TDE in PostgreSQL

From
"Hans-Jürgen Schönig (PostgreSQL)"
Date:
hi …

actually we are trying to push encryption into core …
so far there is no success.
our stuff is working and we use it at many clients already without any issues.
you can download a TDE enabled version of postgres from our website for free:

just ask me directly (hs@cybertec.at) if you have any questions.

many thanks,

hans


On 10.07.2020, at 13:52, Fabien COELHO <coelho@cri.ensmp.fr> wrote:


> > Hello, very hard to find some information about TDE (Transparent Data
> > Encryption) in PostgreSQL. Could you answer my question?
> > 1) Does PostgreSQL support TDE (Transparent Data Encryption)?
>
> No, which explains why information is hard to come by :-)
>
> This is not a bug, but the absence of a feature.
>
> Note that encryption can occur at many levels; which level is relevant depends on the threat model:
> 1. the app can encrypt data in tables
> 2. the database can encrypt its files
> 3. the os can encrypt a partition
> 4. the disks can encrypt their data
>
> 1. can be done with a pg extension (ISTM that several exist). 3. depends on the OS (data at rest encryption), 4. depends on the hardware. Some people are working on implementing some form of (2).
>
> --
> Fabien.



--
Cybertec PostgreSQL International GmbH
Gröhrmühlgasse 26, A-2700 Wiener Neustadt Web: https://www.cybertec-postgresql.com