Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Masahiko Sawada <sawada.mshk@gmail.com>
From: Masahiko Sawada <sawada.mshk@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: "Moon, Insung" <Moon_Insung_i3@lab.ntt.co.jp>,
Ibrar Ahmed <ibrar.ahmad@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-03-04T05:40:53Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revamp the WAL record format.
- 2c03216d8311 9.5.0 cited
On Sat, Mar 2, 2019 at 5:27 AM Robert Haas <robertmhaas@gmail.com> wrote: > > On Thu, Feb 7, 2019 at 3:28 AM Masahiko Sawada <sawada.mshk@gmail.com> wrote: > > WAL encryption will follow as an additional feature. > > I don't think WAL encryption is an optional feature. You can argue > about whether it's useful to encrypt the disk files in the first place > given that there's no privilege boundary between the OS user and the > database, but a lot of people seem to think it is and maybe they're > right. However, who can justify encrypting only SOME of the disk > files and not others? I mean, maybe you could justify not encryption > the SLRU files on the grounds that they probably don't leak much in > the way of interesting information, but the WAL files certainly do -- > your data is there, just as much as in the data files themselves. > Agreed. > To be honest, I think there is a lot to like about the patches > Cybertec has proposed. Those patches don't have all of the fancy > key-management stuff that you are proposing here, but maybe that > stuff, if we want it, could be added, rather than starting over from > scratch. It seems to me that those patches get a lot of things right. > In particular, it looked to me when I looked at them like they made a > pretty determined effort to encrypt every byte that might go down to > the disk. It seems to me that you if you want encryption, you want > that. > Agreed. I think the patch lacks the key management stuff: 2-tier key architecture and integration of postgres with key management systems. I'd like to work together and can propose the patch of key management stuff to the proposed patch. Regards, -- Masahiko Sawada NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center