| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Transparent Data Encryption (TDE) and encrypted files |
| Date: | 2019-09-30 21:26:33 |
| Message-ID: | 20190930212633.GA18178@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
For full-cluster Transparent Data Encryption (TDE), the current plan is
to encrypt all heap and index files, WAL, and all pgsql_tmp (work_mem
overflow). The plan is:
https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#TODO_for_Full-Cluster_Encryption
We don't see much value to encrypting vm, fsm, pg_xact, pg_multixact, or
other files. Is that correct? Do any other PGDATA files contain user
data?
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Fetter | 2019-09-30 21:26:58 | Re: Commit fest 2019-09 |
| Previous Message | Andrew Dunstan | 2019-09-30 21:06:15 | msys2 is missing pexports |