| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Yambu <hyambu(at)gmail(dot)com>, Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Encryption key storage |
| Date: | 2021-03-17 12:37:18 |
| Message-ID: | 34d924f51d31ebe4577a90459b8eb7515b61a512.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Wed, 2021-03-17 at 14:05 +0200, Yambu wrote:
> Where should we store the encryption key after encrypting column data?
>
> We are planning to store it in a table which we will restrict access to, but i wonder if this is the best place.
>
> We are using pgcryto and pg v10.
For good security, you don't store the key in the database, but somewhere else.
Otherwise the database superuser can get at your data.
For better security, don't use pgcrypto, so that you don't have to send the
secret to the database server (even if it is not persisted there).
Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nikhil Shetty | 2021-03-18 05:45:44 | Number of internal operations for a single DML/DDL |
| Previous Message | Yambu | 2021-03-17 12:05:10 | Encryption key storage |