Re: hide data from admins

From: Jehan-Guillaume de Rorthais <jgdr(at)dalibo(dot)com>
To: Ron Johnson <ronljohnsonjr(at)gmail(dot)com>
Cc: "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: hide data from admins
Date: 2025-03-13 18:37:14
Message-ID: 20250313193714.27810bba@karst
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Le Tue, 11 Mar 2025 22:03:50 -0400,
Ron Johnson <ronljohnsonjr(at)gmail(dot)com> a écrit :

> On Tue, Mar 11, 2025 at 9:48 PM Siraj G <tosiraj(dot)g(at)gmail(dot)com> wrote:
>
> > Hello Experts!
> >
> > What are the features available in Postgresql to hide PII (personal
> > identifiable information) from the Admin team? Like in Oracle we have data
> > vault and data redaction, I am looking for similar features in
> > PostgreSQL.We do not want to do code level changes.
>
> Look at pgsodium. However, "no code level changes" is code for at-rest
> encryption.

Unless I'm wrong, pgsodium will not protect you from Admin team. The "postgres"
role will always be able to read your keys or meta-data to derive them from the
master key if they are stored inside the database… and root might be able to
scan the memory to find the master key I suppose.

Storing the keys outisde the database means code level change.

Your best bet would be the Transparent Column Encryption patch, but it is
stalled for one year.

In last resort, I suppose selinux/sepgsql machinery can lock everything the way
you want, even without encryption…

good luck.

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Durgamahesh Manne 2025-03-13 19:12:36 Query optimization
Previous Message Adrian Klaver 2025-03-13 17:03:55 Re: Duplicate Key Values