From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Cc: | "Moon, Insung" <Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp> |
Subject: | Unified security key management |
Date: | 2019-02-22 03:58:16 |
Message-ID: | 20190222035816.uozqvc4wjyag3pme@momjian.us |
Lists: | pgsql-hackers |

I know there has been recent discussion about implementing transparent
data encryption (TDE) in Postgres:

I would like to now post a new extension I developed to handle
cryptographic key management in Postgres. It could be used with TDE,
with pgcrypto, and with an auto-encrypted data type. It is called
pgcryptokey and can be downloaded from:

https://momjian.us/download/pgcryptokey/

I am attaching its README file to this email.

The extension uses two-layer key storage, and stores the key in a
Postgres table. It allows the encryption key to be unlocked by the
client, or at boot time. (This would need to be modified to be a global
table if it was used for block-level encryption like TDE.)

I am willing to continue to develop this extension if there is interest.
Should I put it on PGXN eventually? Is it something we would want in
/contrib?

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
Attachment | Content-Type | Size |
---|---|---|
README | text/plain | 7.7 KB |
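
The two-layer key storage described in the message above, shown with plain pgcrypto as an added example that is not taken from pgcryptokey or its README. The table names, column names and passphrases are hypothetical, and the point it demonstrates is that rotating the outer passphrase rewrites only the wrapped key, not the encrypted rows.

```sql
-- Added illustration; table and column names are hypothetical, not pgcryptokey's.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Layer 2: the data key is stored in a table, but only in wrapped form.
CREATE TABLE demo_data_keys (
    key_name    text PRIMARY KEY,
    wrapped_key bytea NOT NULL      -- data key encrypted under the passphrase
);

CREATE TABLE demo_secrets (
    id      serial PRIMARY KEY,
    payload bytea NOT NULL          -- row data encrypted under the data key
);

-- Create a random 256-bit data key and wrap it with the layer-1 passphrase.
-- 'old-passphrase' is a constructed sample value supplied by the client.
INSERT INTO demo_data_keys (key_name, wrapped_key)
VALUES ('main',
        pgp_sym_encrypt(encode(gen_random_bytes(32), 'hex'), 'old-passphrase'));

-- Encrypt a row: unwrap the data key, then use it as the pgcrypto password.
INSERT INTO demo_secrets (payload)
SELECT pgp_sym_encrypt('sample secret (constructed)',
                       pgp_sym_decrypt(wrapped_key, 'old-passphrase'))
FROM demo_data_keys
WHERE key_name = 'main';

-- Rotate the passphrase: only the wrapped key is rewritten, not the data rows.
UPDATE demo_data_keys
SET wrapped_key = pgp_sym_encrypt(
        pgp_sym_decrypt(wrapped_key, 'old-passphrase'), 'new-passphrase')
WHERE key_name = 'main';

-- Rows still decrypt after rotation, now via the new passphrase.
-- Supplying the old passphrase here makes pgp_sym_decrypt raise an error.
SELECT pgp_sym_decrypt(s.payload,
                       pgp_sym_decrypt(k.wrapped_key, 'new-passphrase')) AS clear
FROM demo_secrets s
CROSS JOIN demo_data_keys k
WHERE k.key_name = 'main';
```

Passphrases passed as SQL literals can show up in server logs and in pg_stat_activity, so in practice they are better sent as bind parameters over an encrypted connection.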