| From: | Vick Khera <vivek(at)khera(dot)org> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Postgresql database encryption |
| Date: | 2018-04-20 20:55:34 |
| Message-ID: | CALd+dcfS8rCQb1fuo5Ua9HvPqibgrvib4+QsSo7v9SJjxf=3Dg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Apr 20, 2018 at 11:24 AM, Vikas Sharma <shavikas(at)gmail(dot)com> wrote:
> Hello Guys,
>
> Could someone throw light on the postgresql instance wide or database wide
> encryption please? Is this possible in postgresql and been in use in
> production?.
>
For anyone to offer a proper solution, you need to say what purpose your
encryption will serve. Does the data need to be encrypted at rest? Does it
need to be encrypted in memory? Does it need to be encrypted at the
database level or at the application level? Do you need to be able to query
the data? There are all sorts of scenarios and use cases, and you need to
be more specific.
For me, using whole-disk encryption solved my need, which was to ensure
that the data on disk cannot be read once removed from the server. For
certain fields in one table, I use application level encryption so only the
application itself can see the original data. Anyone else querying that
table sees the encrypted blob, and it was not searchable.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jonathan S. Katz | 2018-04-20 21:10:58 | Re: New website |
| Previous Message | PegoraroF10 | 2018-04-20 20:30:46 | Re: Problem with trigger makes Detail record be invalid |