Re: Disk Encryption in Production

From: Tim Spencer <tspencer(at)cloudpassage(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Disk Encryption in Production
Date: 2014-03-26 19:17:54
Message-ID: F19692AF-F489-44AE-BAE9-B134380A8453@cloudpassage.com
Lists: pgsql-general

On Mar 25, 2014, at 3:30 PM, Carlos Espejo <carlosespejo(at)gmail(dot)com> wrote:
> Anybody running their PostgreSQL server from an ecryptfs container? What are the common production setups out there? What are the drawbacks that people have experienced with their solution?

We run postgres on XFS on lvm volumes put on top of cloud block devices encrypted with LUKS. It feels like a lot of layers, but it lets us add more encrypted disk space on the fly very easily (especially since I've got all this config set up in a chef cookbook). It seems to work just fine. I haven't done any testing, but I am pretty sure that it adds latency. But hey, if you need crypto, you need it. :-)
We currently store the keys to LUKS encrypted with the host's private chef key as a host attribute in the chef-server so that the key data at rest would be safe, and we have an init script that the cookbook installs early in the boot sequence that gets/decrypts the keys from chef, starts crypto up, and mounts the filesystems before postgres starts up. We've got some plans to improve this, but it's a heck of a lot better than storing them locally, and a heck of a lot cheaper than a real HSM.

Another option that we liked and tested out, but discarded because of cost, was Gazzang. They have a really slick setup. Pretty much plug n play, and work really well in the cloud, which is where we are.

The one thing that I have run into that was a problem was doing this on a loopback device mapped to a file on a host rather than directly on a real block device. We did this on some cassandra servers, and pretty quickly began seeing corruption. We never figured out where the problem was, but it was a real pain to deal with. I'd avoid doing that.

Hope that helps. Have fun!

-tspencer
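The boot-time sequence Tim describes (fetch the LUKS key from the config server, open the container, bring up LVM, mount XFS, then start postgres), written out as an added example init script that is not from the original post or the poster's chef cookbook. Device, volume-group and mount-point names and the `fetch_luks_key` / `KEY_FETCH_CMD` hook are assumptions; it defaults to a dry run that only prints the plan.

```shell
#!/bin/sh
# Added example (not the poster's cookbook): boot-time bring-up of an encrypted
# PostgreSQL data volume in the order the post describes. Device, VG and mount
# names, and the key-fetch hook, are assumptions. Defaults to a dry run.
set -eu

CRYPT_DEV="${CRYPT_DEV:-/dev/xvdf}"         # cloud block device holding the LUKS container
CRYPT_NAME="${CRYPT_NAME:-pgdata_crypt}"    # becomes /dev/mapper/$CRYPT_NAME after luksOpen
VG_NAME="${VG_NAME:-vg_pgdata}"             # LVM volume group living on the mapper device
LV_PATH="/dev/$VG_NAME/lv_pgdata"           # the XFS filesystem lives on this logical volume
MOUNT_POINT="${MOUNT_POINT:-/var/lib/postgresql}"
DRY_RUN="${DRY_RUN:-1}"                     # 1 = print the plan; set to 0 on a real host

# Execute a command, or print it when DRY_RUN=1 so the ordering can be inspected.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Hypothetical hook for the step the post does via chef: obtain the LUKS
# passphrase (decrypted with the host's private key) and emit it on stdout only,
# so the key is never written to local disk.
fetch_luks_key() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'constructed-dry-run-key'   # constructed value, dry run only
    else
        ${KEY_FETCH_CMD:?set KEY_FETCH_CMD to the command that prints the passphrase}
    fi
}

bring_up_encrypted_pg() {
    # Idempotency guard: a second run must not try to luksOpen an open device.
    if [ "$DRY_RUN" != 1 ] && [ -e "/dev/mapper/$CRYPT_NAME" ]; then
        echo "$CRYPT_NAME already open, skipping" >&2
        return 0
    fi
    # '--key-file -' reads the passphrase from stdin: it is never an argv
    # element (visible in ps) and never a file on the unencrypted root volume.
    fetch_luks_key | run cryptsetup luksOpen --key-file - "$CRYPT_DEV" "$CRYPT_NAME"
    run vgchange -ay "$VG_NAME"                       # LVM sits on top of the mapper device
    run mount -t xfs -o noatime "$LV_PATH" "$MOUNT_POINT"
    run service postgresql start                      # only after the data dir is mounted
}

bring_up_encrypted_pg
```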
