Re: WIP: Data at rest encryption

Peter Eisentraut <peter.eisentraut@2ndquadrant.com>

From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Bruce Momjian <bruce@momjian.us>, Ants Aasma <ants.aasma@eesti.ee>, Robert Haas <robertmhaas@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2017-06-14T21:36:16Z
Lists: pgsql-hackers
On 6/13/17 18:11, Stephen Frost wrote:
>> Let's see a proposal in those terms then.  How easy can you make it,
>> compared to existing OS-level solutions, and will that justify the
>> maintenance overhead?
> From the original post on this thread, which included a WIP patch:
> 
> ----------------------------------
> Usage
> =====
> 
> Set up database like so:
> 
>     (read -sp "Postgres passphrase: " PGENCRYPTIONKEY; echo;
>      export PGENCRYPTIONKEY
>      initdb -k -K pgcrypto $PGDATA )
> 
> Start PostgreSQL:
> 
>     (read -sp "Postgres passphrase: " PGENCRYPTIONKEY; echo;
>      export PGENCRYPTIONKEY
>      postgres $PGDATA )
> ----------------------------------

Relying on environment variables is clearly pretty crappy.  So if that's
the proposal, then I think it needs to be better.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


Commits

  1. Dramatically reduce System V shared memory consumption.