From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
---|---|
To: | Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com> |
Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Transparent column encryption |
Date: | 2023-01-12 16:32:10 |
Message-ID: | ad1eab7d-04da-95ee-9377-7b1fd312f905@enterprisedb.com |
Lists: | pgsql-hackers |

On 10.01.23 18:26, Mark Dilger wrote:
> I wonder if logical replication could be made to work more easily with this feature. Specifically, subscribers of encrypted columns will need the encrypted column encryption key (CEK) and the name of the column master key (CMK) as exists on the publisher, but getting access to that is not automated as far as I can see. It doesn't come through automatically as part of a subscription, and publishers can't publish the pg_catalog tables where the keys are kept (because publishing system tables is not supported.) Is it reasonable to make available the CEK and CMK to subscribers in an automated fashion, to facilitate setting up logical replication with less manual distribution of key information? Is this already done, and I'm just not recognizing that you've done it?

This would be done as part of DDL replication.

> Can we do anything about the attack vector wherein a malicious DBA simply copies the encrypted datum from one row to another?

We discussed this earlier [0]. This patch is not that feature. We
could get there eventually, but it would appear to be an immense amount
of additional work. We have to start somewhere.
[0]:
https://www.postgresql.org/message-id/4fbcf5540633699fc3d81ffb59cb0ac884673a7c.camel@vmware.com