| From: | Ron <ronljohnsonjr(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Will PostgreSQL 16 supports native transparent data encryption ? |
| Date: | 2023-08-25 19:30:35 |
| Message-ID: | d99415a7-0b18-e3b4-8e83-a2f7c85ee079@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 8/24/23 14:08, Stephen Frost wrote:
> Greetings,
>
> * Ron (ronljohnsonjr(at)gmail(dot)com) wrote:
>> On 8/21/23 18:49, Bruce Momjian wrote:
>>> On Mon, Aug 21, 2023 at 07:02:46PM +0300, Mostafa Fathy wrote:
>>>> It is mentioned here https://www.postgresql.org/about/press/faq/#:~:text=
>>>> Q%3A%20What%20features%20will%20PostgreSQL%2016%20have%3F that native
>>>> transparent data encryption is being worked on and it may be delivered with
>>>> PostgreSQL 16.
>>>>
>>>> Is PostgreSQL 16 beta version includes native transparent data encryption or
>>>> not ? because I checked the docs https://www.postgresql.org/docs/16/index.html
>>>> and couldn't find anything related to transparent data encryption.
>>>>
>>>> If not supported yet in the beta version I would like to know if PostgreSQL 16
>>>> final version will support native transparent data encryption or not?
>>> Not, PG 16 will not support it, and I am unclear if later major versions
>>> will either.
>> That's disappointing, since TDE makes PCI audits that much simpler.
> There's ongoing work happening for TDE support and we'd love to hear
> from folks who would like to see it included.
PgBackRest currently encrypts it's binary backups.
1. What kind of encryption would there be? AES256 makes the auditors happy.
2. Would TDE-enabled pg_dump create encrypted dump files?
3. Would TDE obviate the need for PgBackRest's encryption?
4. How would encrypted "pg_dump --format=plain" work? Or could it only work
with the other formats (which is fine by me)?
> You can expect an updated patch set for the September commitfest.
For that which will be Pg 17?
> Getting more folks to test it
> and use it and review it would certainly help move it forward.
By any chance, will binaries be created after the September commitfest?
(Hoops must be jumped through to get development packages installed on the
database servers I have access to, but I'd jump through them if needed.)
--
Born in Arizona, moved to Babylonia.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | pan snowave | 2023-08-26 09:31:42 | ident auth does not works as usual |
| Previous Message | duc hiep ha | 2023-08-25 15:49:06 | Re: ora2pg -c ora2pg.conf -t COPY -a tablename not working properly |