Re: Transparent column encryption

From: Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>
To: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Cc: vignesh C <vignesh21(at)gmail(dot)com>
Subject: Re: Transparent column encryption
Date: 2023-01-25 18:44:37
Message-ID: 1034b6f1-ccab-8a22-c843-71104ebedf01@enterprisedb.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 11.01.23 17:46, vignesh C wrote:
> On Sat, 31 Dec 2022 at 19:47, Peter Eisentraut
> <peter(dot)eisentraut(at)enterprisedb(dot)com> wrote:
>>
>> On 21.12.22 06:46, Peter Eisentraut wrote:
>>> And another update. The main changes are that I added an 'unspecified'
>>> CMK algorithm, which indicates that the external KMS knows what it is
>>> but the database system doesn't. This was discussed a while ago. I
>>> also changed some details about how the "cmklookup" works in libpq. Also
>>> added more code comments and documentation and rearranged some code.
>>>
>>> According to my local todo list, this patch is now complete.
>>
>> Another update, with some merge conflicts resolved. I also fixed up the
>> remaining TODO markers in the code, which had something to do with Perl
>> and Windows. I did some more work on schema handling, e.g., CREATE
>> TABLE / LIKE, views, partitioning etc. on top of encrypted columns,
>> mostly tedious and repetitive, nothing interesting. I also rewrote the
>> code that extracts the underlying tables and columns corresponding to
>> query parameters. It's now much simpler and better encapsulated.
>
> The patch does not apply on top of HEAD as in [1], please post a rebased patch:

Here is a new patch. Changes since v14:

- Fixed some typos (review by Justin Pryzby)
- Fixed backward compat. psql and pg_dump (review by Justin Pryzby)
- Doc additions (review by Jacob Champion)
- Validate column_encryption option in libpq (review by Jacob Champion)
- Handle column encryption in inheritance
- Change CEKs and CMKs to live inside schemas

Attachment Content-Type Size
v15-0001-Transparent-column-encryption.patch text/plain 413.7 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Eisentraut 2023-01-25 18:45:18 Re: Transparent column encryption
Previous Message Dimos Stamatakis 2023-01-25 18:38:55 pg_upgrade from PG-14.5 to PG-15.1 failing due to non-existing function