| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Transparent Data Encryption (TDE) and encrypted files |
| Date: | 2019-10-03 14:29:07 |
| Message-ID: | CA+TgmobOreT=W=wxJW20KuxVnLzqEBQ_mXQAfE_QTmSWORCueQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Sep 30, 2019 at 5:26 PM Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> For full-cluster Transparent Data Encryption (TDE), the current plan is
> to encrypt all heap and index files, WAL, and all pgsql_tmp (work_mem
> overflow). The plan is:
>
> https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#TODO_for_Full-Cluster_Encryption
>
> We don't see much value to encrypting vm, fsm, pg_xact, pg_multixact, or
> other files. Is that correct? Do any other PGDATA files contain user
> data?
As others have said, that sounds wrong to me. I think you need to
encrypt everything.
I'm not sold on the comments that have been made about encrypting the
server log. I agree that could leak data, but that seems like somebody
else's problem: the log files aren't really under PostgreSQL's
management in the same way as pg_clog is. If you want to secure your
logs, send them to syslog and configure it to do whatever you need.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2019-10-03 14:40:40 | Re: Transparent Data Encryption (TDE) and encrypted files |
| Previous Message | Robert Haas | 2019-10-03 14:26:15 | Re: Value of Transparent Data Encryption (TDE) |