From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Value of Transparent Data Encryption (TDE) |
Date: | 2019-09-30 21:40:52 |
Message-ID: | 20190930214052.GA28769@momjian.us |
Lists: | pgsql-hackers |
The plan for full-cluster Transparent Data Encryption (TDE) is here:
https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#TODO_for_Full-Cluster_Encryption
The values it has, I think, are:
* encrypts data for anyone with read-access to the file system (but not memory)
    * I think write access would allow access to the encryption keys by modifying postgresql.conf or other files
    * This is particularly useful if the storage is remote
* encrypts non-logical/non-pg_dump-like backups
* fulfills several security compliance requirements
* encrypts storage
* perhaps easier to implement than file system encryption
Is that accurate?
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +