| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | mdaswani <md(at)quintessencelabs(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Support for hardware tokens for server/replication private key |
| Date: | 2015-12-08 21:05:16 |
| Message-ID: | CABUevEzw1paQWd8nbbz+G=WPhdR1fWKZwxnWV=MOOomxD3m=1Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Dec 3, 2015 at 5:31 AM, mdaswani <md(at)quintessencelabs(dot)com> wrote:
> Hi,
>
> Postgres allows client-side SSL requests to use secret keys on hardware
> tokens via OpenSSL engine support. Is there an equivalent way to store the
> server key on a hardware token.
>
> Similarly, is it possible to specify private keys on a hardware token for
> replication connections? Does the sslkey parameter of the primary_conninfo
> string in the recovery.conf file accept an OpenSSL Engine token key?
>
While I haven't tested it and haven't heard of anybody else who has, it
should work. From a libpq perspective ,the replication standby is "just
another client", so any parameters that work for libpq should work there.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2015-12-09 00:23:56 | Re: error on pg_restore |
| Previous Message | Sylvain MARECHAL | 2015-12-08 18:50:07 | Re: bdr manual cleanup required |