RE: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)

Smith, Peter <peters@fast.au.fujitsu.com>

From: "Smith, Peter" <peters@fast.au.fujitsu.com>
To: Tomas Vondra <tomas.vondra@2ndquadrant.com>, Masahiko Sawada <sawada.mshk@gmail.com>
Cc: Bruce Momjian <bruce@momjian.us>, Stephen Frost <sfrost@snowman.net>, Joe Conway <mail@joeconway.com>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, Robert Haas <robertmhaas@gmail.com>, Antonin Houska <ah@cybertec.at>, Haribabu Kommi <kommi.haribabu@gmail.com>, "Moon, Insung" <Moon_Insung_i3@lab.ntt.co.jp>, Ibrar Ahmed <ibrar.ahmad@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-08-13T07:56:47Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Revamp the WAL record format.

On Sat, Aug 10, 2019 at 1:19 AM Tomas Vondra <tomas.vondra@2ndquadrant.com> wrote: 

> We can of course support "forced" re-encryption, but I think it's acceptable if that's fairly expensive as long as it can be throttled and executed in the background (kinda similar to the patch to enable checksums in the background).

As an alternative way to provide for a "forced" re-encryption couldn't you just run pg_dumpall + psql?

Regards,
--
Peter Smith
Fujitsu Australia