Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Bruce Momjian <bruce@momjian.us>
Cc: Antonin Houska <ah@cybertec.at>, Sehrope Sarkuni <sehrope@jackdb.com>, Masahiko Sawada <sawada.mshk@gmail.com>, Joe Conway <mail@joeconway.com>, Tomas Vondra <tomas.vondra@2ndquadrant.com>, Robert Haas <robertmhaas@gmail.com>, Haribabu Kommi <kommi.haribabu@gmail.com>, "Moon, Insung" <Moon_Insung_i3@lab.ntt.co.jp>, Ibrar Ahmed <ibrar.ahmad@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-08-16T00:34:53Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revamp the WAL record format.
- 2c03216d8311 9.5.0 cited
Greetings, * Bruce Momjian (bruce@momjian.us) wrote: > On Thu, Aug 15, 2019 at 11:24:46AM +0200, Antonin Houska wrote: > > > I think there are several directions we can go after all-cluster > > > encryption, > > > > I think I misunderstood. What you summarize in > > > > https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#TODO_for_Full-Cluster_Encryption > > > > does include > > > > https://www.postgresql.org/message-id/CAD21AoBjrbxvaMpTApX1cEsO=8N=nc2xVZPB0d9e-VjJ=YaRnw@mail.gmail.com > > > > i.e. per-tablespace keys, right? Then the collaboration should be easier than > > I thought. > > No, there is a single tables/indexes key and a WAL key, plus keys for > rotation. I explained why per-tablespace keys don't add much value. Nothing in the discussion that I've seen, at least, has changed my opinion that tablespace-based keys *would* add significant value, particularly if it'd be difficult to support per-table keys. Of course, if we can get per-table keys without too much difficulty then that would be better. Thanks, Stephen