| From: | Paul Jungwirth <pj(at)illuminatedcomputing(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Postgres Data Encryption Using LUKS with dm-crypt ? |
| Date: | 2017-06-19 15:45:48 |
| Message-ID: | f68042e3-c451-dc98-5284-32fb2ac8c7fa@illuminatedcomputing.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 06/19/2017 12:40 AM, Scott Marlowe wrote:
> On Sun, Jun 18, 2017 at 2:20 PM, Condor <condor(at)stz-bg(dot)com> wrote:
>> What I should expect, what is good and bad things that can be happened.
I've run Postgres on a LUKS volume for a few years now and it's all been
pretty quiet. One challenge is you need to supply the password if the
server restarts. Automating that in a way that doesn't simply reveal the
password is tricky.
I'm not using RAID, so I can't speak to combing LUKS + RAID.
If you are on AWS, nowadays they have encrypted EBS volumes which will
do all this for you automatically. If I were setting up this system
today that's probably what I would have used.
> I think the only real test here is to build a luks system, initiate
> some pgbench type runs, wait a minute, run checkpoint and then yank
> out the plug. Run a dozen or so times looking for data corruption.
I think this is really the right answer!
Paul
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Merlin Moncure | 2017-06-19 15:49:59 | Re: effective_io_concurrency increasing |
| Previous Message | Jeff Janes | 2017-06-19 15:36:55 | Re: effective_io_concurrency increasing |