Re: Would PostgreSQL 16 native transparent data encryption support database level encryption?

Rob Sargent <robjsargent@gmail.com>

From: Rob Sargent <robjsargent@gmail.com>
To: pgsql-general@lists.postgresql.org
Date: 2023-05-18T17:54:05Z
Lists: pgsql-general
On 5/18/23 11:49, Ron wrote:
> On 5/18/23 10:54, Stephen Frost wrote:
>> Greetings,
>>
>> * Tony Xu (tony.xu@rubrik.com) wrote:
>>> The FAQ (copied below) mentioned that native transparent data encryption
>>> might be included in 16. Is it fair to assume that it will support database
>>> level encryption, that is, we can use two encryption keys for two databases
>>> in the same server, respectively? How can one verify that?
>> The current work to include TDE in PG isn't contemplating a per-database
>> key option.  What's the use-case for that?  Why do you feel that you'd
>> need two independent keys?
>
> I don't /feel/ that key-per-database us useful; I /know/ that 
> key-per-database is useful, since the databases can be different 
> projects for different companies.  Each wants it's own encryption key 
> so that no one else can get to their at-rest data.
>
> (pg_dump files will automatically be encrypted, right?)
>
> -- 
> Born in Arizona, moved to Babylonia.
Ron, this sounds like a revenue opportunity:  "Oh you want your own key, 
well then we'll have to spin up another server just for you so you're 
all separate and special-like.  Way more secure that way."