Re: Would PostgreSQL 16 native transparent data encryption support database level encryption?
Rob Sargent <robjsargent@gmail.com>
From: Rob Sargent <robjsargent@gmail.com>
To: pgsql-general@lists.postgresql.org
Date: 2023-05-18T17:54:05Z
Lists: pgsql-general
On 5/18/23 11:49, Ron wrote: > On 5/18/23 10:54, Stephen Frost wrote: >> Greetings, >> >> * Tony Xu (tony.xu@rubrik.com) wrote: >>> The FAQ (copied below) mentioned that native transparent data encryption >>> might be included in 16. Is it fair to assume that it will support database >>> level encryption, that is, we can use two encryption keys for two databases >>> in the same server, respectively? How can one verify that? >> The current work to include TDE in PG isn't contemplating a per-database >> key option. What's the use-case for that? Why do you feel that you'd >> need two independent keys? > > I don't /feel/ that key-per-database us useful; I /know/ that > key-per-database is useful, since the databases can be different > projects for different companies. Each wants it's own encryption key > so that no one else can get to their at-rest data. > > (pg_dump files will automatically be encrypted, right?) > > -- > Born in Arizona, moved to Babylonia. Ron, this sounds like a revenue opportunity: "Oh you want your own key, well then we'll have to spin up another server just for you so you're all separate and special-like. Way more secure that way."