From: | Jehan-Guillaume de Rorthais <jgdr(at)dalibo(dot)com> |
---|---|
To: | Ron Johnson <ronljohnsonjr(at)gmail(dot)com> |
Cc: | "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: hide data from admins |
Date: | 2025-03-13 18:37:14 |
Message-ID: | 20250313193714.27810bba@karst |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Le Tue, 11 Mar 2025 22:03:50 -0400,
Ron Johnson <ronljohnsonjr(at)gmail(dot)com> a écrit :
> On Tue, Mar 11, 2025 at 9:48 PM Siraj G <tosiraj(dot)g(at)gmail(dot)com> wrote:
>
> > Hello Experts!
> >
> > What are the features available in Postgresql to hide PII (personal
> > identifiable information) from the Admin team? Like in Oracle we have data
> > vault and data redaction, I am looking for similar features in
> > PostgreSQL.We do not want to do code level changes.
>
> Look at pgsodium. However, "no code level changes" is code for at-rest
> encryption.
Unless I'm wrong, pgsodium will not protect you from Admin team. The "postgres"
role will always be able to read your keys or meta-data to derive them from the
master key if they are stored inside the database… and root might be able to
scan the memory to find the master key I suppose.
Storing the keys outisde the database means code level change.
Your best bet would be the Transparent Column Encryption patch, but it is
stalled for one year.
In last resort, I suppose selinux/sepgsql machinery can lock everything the way
you want, even without encryption…
good luck.
From | Date | Subject | |
---|---|---|---|
Next Message | Durgamahesh Manne | 2025-03-13 19:12:36 | Query optimization |
Previous Message | Adrian Klaver | 2025-03-13 17:03:55 | Re: Duplicate Key Values |