Re: WIP: Data at rest encryption

Michael Paquier <michael.paquier@gmail.com>

From: Michael Paquier <michael.paquier@gmail.com>
To: Ants Aasma <ants.aasma@gmail.com>
Cc: Haribabu Kommi <kommi.haribabu@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2016-06-13T05:17:27Z
Lists: pgsql-hackers
On Sun, Jun 12, 2016 at 4:13 PM, Ants Aasma <ants.aasma@gmail.com> wrote:
>> I feel separate file is better to include the key data instead of pg_control
>> file.
>
> I guess that would be more flexible. However I think at least the fact
> that the database is encrypted should remain in the control file to
> provide useful error messages for faulty backup procedures.

Another possibility could be always to do some encryption at data-type
level for text data. For example I recalled the following thing while
going through this thread:
https://github.com/nec-postgres/tdeforpg
Though I don't quite understand the use for encrypt.enable in this
code... This has the advantage to not patch upstream.
-- 
Michael


Commits

  1. Dramatically reduce System V shared memory consumption.