| From: | Chris Travers <chris(dot)travers(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Cc: | David Christensen <david+pg(at)pgguru(dot)net> |
| Subject: | Re: Moving forward with TDE |
| Date: | 2023-12-17 06:30:50 |
| Message-ID: | 170279465004.2631682.1886882000695050104.pgcf@coridan.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
I was re-reading the patches here and there was one thing I didn't understand.
There are provisions for a separation of data encryption keys for primary and replica I see, and these share a single WAL key.
But if I am setting up a replica from the primary, and the primary is already encrypted, then do these forceably share the same data encrypting keys? Is there a need to have (possibly in a follow-up patch) an ability to decrypt and re-encrypt in pg_basebackup (which would need access to both keys) or is this handled already and I just missed it?
Best Wishes,
Chris Travers
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andy Fan | 2023-12-17 13:46:52 | Re: Is a clearer memory lifespan for outerTuple and innerTuple useful? |
| Previous Message | Alexander Lakhin | 2023-12-17 05:00:00 | Re: [PoC] pg_upgrade: allow to upgrade publisher node |