Re: Proposed patch for key managment

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Cc: Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com>
Subject: Re: Proposed patch for key managment
Date: 2020-12-14 23:06:15
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Wed, Dec 2, 2020 at 04:38:14PM -0500, Bruce Momjian wrote:
> Attached is a patch for key management, which will eventually be part of
> cluster file encryption (CFE), called TDE (Transparent Data Encryption)
> by Oracle. It is an update of Masahiko Sawada's patch from July 31:
> Sawada-san did all the hard work, and I just redirected the patch. The
> general outline of this CFE feature can be seen here:
> The currently planned progression for this feature is to allow secure
> retrieval of key encryption keys (KEK) outside of the database, then use
> those to encrypt data keys that encrypt heap/index/tmpfile files.
> If most people approve of this general approach, and the design
> decisions made, I would like to apply this in the next few weeks, but
> this brings complications. The syntax added by this commit might not
> provide a useful feature until PG 15, so how do we hide it from users.
> I was thinking of not applying the doc changes (or commenting them out)
> and commenting out the --help output.

I am getting close to applying these patches, probably this week. The
patches are cumulative:

I do have a few questions:

Why is KmgrShmemData a struct, when it only has a single member? Are
all shared memory areas structs?

Should pg_altercpass be using fsync's for directory renames?

Can anyone test this on Windows, particularly -R handling?

What testing infrastructure should this have?

There are a few shell script I should include to show how to create
commands. Where should they be stored? /contrib module?

Are people okay with having the feature enabled, but invisible
since the docs and --help output are missing? When we enable
ssl_passphrase_command to prompt from the terminal, some of the
command-line options will be useful.

Do people like the command-letter choices?

I called the alter passphrase utility pg_altercpass. I could
have called it pg_clusterpass, but I wanted to highlight it is
only for changing the passphrase, not for creating them.

Bruce Momjian <bruce(at)momjian(dot)us>

The usefulness of a cup is in its emptiness, Bruce Lee

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2020-12-14 23:55:20 Re: HASH_BLOBS hazards (was Re: PATCH: logical_work_mem and logical streaming of large in-progress transactions)
Previous Message Joshua Drake 2020-12-14 22:31:23 Re: Optimizing the documentation