Re: WIP: Data at rest encryption
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Bruce Momjian <bruce@momjian.us>, Ants Aasma <ants.aasma@eesti.ee>,
Robert Haas <robertmhaas@gmail.com>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2017-06-14T21:36:16Z
Lists: pgsql-hackers
On 6/13/17 18:11, Stephen Frost wrote: >> Let's see a proposal in those terms then. How easy can you make it, >> compared to existing OS-level solutions, and will that justify the >> maintenance overhead? > From the original post on this thread, which included a WIP patch: > > ---------------------------------- > Usage > ===== > > Set up database like so: > > (read -sp "Postgres passphrase: " PGENCRYPTIONKEY; echo; > export PGENCRYPTIONKEY > initdb -k -K pgcrypto $PGDATA ) > > Start PostgreSQL: > > (read -sp "Postgres passphrase: " PGENCRYPTIONKEY; echo; > export PGENCRYPTIONKEY > postgres $PGDATA ) > ---------------------------------- Relying on environment variables is clearly pretty crappy. So if that's the proposal, then I think it needs to be better. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
Dramatically reduce System V shared memory consumption.
- b0fc0df9364d 9.3.0 cited