Re: Would PostgreSQL 16 native transparent data encryption support database level encryption?

From: Tony Xu <tony(dot)xu(at)rubrik(dot)com>
To: Marc Millas <marc(dot)millas(at)mokadb(dot)com>
Cc: Thomas Kellerer <shammat(at)gmx(dot)net>, pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Would PostgreSQL 16 native transparent data encryption support database level encryption?
Date: 2023-05-22 18:02:04
Message-ID: CACufLfwDbvsF9d_AxZb1Co0SJJB2XnCYuwQ5+FhVtGF3VYBQmg@mail.gmail.com
Lists: pgsql-general

Thanks all for the discussions. It sounds like there are different
questions to clear before we can get to a conclusion on if per-database KEK
is possible or not.

First question - do we, as a community, see the value of the proposal and
do we believe that value is big enough for us to make any necessary changes
to PostgreSQL? Another way to ask is, do we want/need to keep the parity
with other database solutions that already have such ability?

If the answer to the first question is no, then I will stop here.
However, if the answer is yes or "it depends", then the second question is
on how - It seems that per-cluster KEK can be a good alternative to
achieve the same as per-db KEK, however, there are still some shared area
between clusters. Is it possible to further split this shared area? Are
there more shared memory/storage between clusters?

>> In the proposed TDE work, yes, each cluster (which is an entire
>> PostgreSQL system) would be able to have its own KEK.
>>
>> There's a bit of overhead from each cluster and each would have their
>> own shared buffers pool of memory and such.
>>
>
Thanks
Tony
