Re: Internal key management system
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Masahiko Sawada <masahiko.sawada@2ndquadrant.com>
Cc: Cary Huang <cary.huang@highgo.ca>, Ahsan Hadi <ahsan.hadi@gmail.com>, Bruce Momjian <bruce@momjian.us>,
PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, "Moon, Insung" <tsukiwamoon.pgsql@gmail.com>,
Fabien COELHO <coelho@cri.ensmp.fr>, Sehrope Sarkuni <sehrope@jackdb.com>, cary huang <hcary328@gmail.com>, Ibrar Ahmed <ibrar.ahmad@gmail.com>, Joe Conway <mail@joeconway.com>
Date: 2020-05-29T19:20:09Z
Lists: pgsql-hackers
On Fri, May 29, 2020 at 1:50 AM Masahiko Sawada <masahiko.sawada@2ndquadrant.com> wrote: > However, this usage has a downside that user secret can be logged to > server logs when log_statement = 'all' or an error happens. To deal > with this issue I've created a PoC patch on top of the key manager > patch which adds a libpq function PQencrypt() to encrypt data and new > psql meta-command named \encrypt in order to encrypt data while > eliminating the possibility of the user data being logged. > PQencrypt() just calls pg_encrypt() via PQfn(). Using this command the > above example can become as follows: If PQfn() calls aren't currently logged, that's probably more of an oversight due to the feature being almost dead than something upon which we want to rely. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company