Quick Links

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)

From:	Bruce Momjian <bruce(at)momjian(dot)us>
To:	Stephen Frost <sfrost(at)snowman(dot)net>
Cc:	Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Antonin Houska <ah(at)cybertec(dot)at>, Sehrope Sarkuni <sehrope(at)jackdb(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, "Moon, Insung" <Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp>, Ibrar Ahmed <ibrar(dot)ahmad(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Date:	2019-08-23 11:36:03
Message-ID:	20190823113603.GA16285@momjian.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Sat, Aug 17, 2019 at 01:52:17PM -0400, Stephen Frost wrote:
> Being PostgreSQL, I would expect us to shoot for as much flexibility as
> we possible, similar to what we've done for our ACL system where we
> support down to a column-level (and row level with RLS).
>
> That's our target end-goal. Having an incremental plan to get there
> where we start with something simpler and then work towards a more
> complicated implementation is fine- but that base, as I've said multiple
> times and as supported by what we see other database systems have,
> should include some kind of key store with support for multiple keys and
> a way to encrypt something less than the entire system. Every other
> database system that we consider at all comparable has at least that.

Well, we don't blindly copy features from other databases. The features
has to be useful for our users and reasonable to implement in Postgres.
This is been the criteria for every other Postgres features I have seen
developed.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +

In response to

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) at 2019-08-17 17:52:17 from Stephen Frost

Responses

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) at 2019-08-23 11:45:22 from Stephen Frost

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Konstantin Knizhnik	2019-08-23 11:37:28	Re: Optimization of vacuum for logical replication
Previous Message	Konstantin Knizhnik	2019-08-23 11:21:19	Re: Why overhead of SPI is so large?