| From: | Paul Jungwirth <pj(at)illuminatedcomputing(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PG and database encryption |
| Date: | 2017-08-22 20:16:53 |
| Message-ID: | a5a5f06e-b521-3aa3-6ad2-56082365519a@illuminatedcomputing.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 08/22/2017 01:08 PM, John McKown wrote:
> On Tue, Aug 22, 2017 at 2:48 PM, rakeshkumar464
> <rakeshkumar464(at)outlook(dot)com> wrote:
>> We have a requirement to encrypt the entire database.
>
> Personally, what I'd do (and actually do at work) is to us LUKS.
I second that, although I'll add that if you're on AWS you can also use
encrypted EBS volumes. You get a very similar effect, except all you
need to do is tick a checkbox (or set a CloudFormation attribute, etc.).
Also you can get unattended reboots without storing the key somewhere
vulnerable. There may be perf advantages too; I'm not sure.
Good luck!
Paul
| From | Date | Subject | |
|---|---|---|---|
| Next Message | rakeshkumar464 | 2017-08-22 20:27:32 | Re: PG and database encryption |
| Previous Message | Ron Johnson | 2017-08-22 20:11:52 | Re: PG and database encryption |