On 5/18/23 11:49, Ron wrote:
> On 5/18/23 10:54, Stephen Frost wrote:
>> Greetings,
>>
>> * Tony Xu (tony(dot)xu(at)rubrik(dot)com) wrote:
>>> The FAQ (copied below) mentioned that native transparent data encryption
>>> might be included in 16. Is it fair to assume that it will support database
>>> level encryption, that is, we can use two encryption keys for two databases
>>> in the same server, respectively? How can one verify that?
>> The current work to include TDE in PG isn't contemplating a per-database
>> key option. What's the use-case for that? Why do you feel that you'd
>> need two independent keys?
>
> I don't /feel/ that key-per-database is useful; I /know/ that
> key-per-database is useful, since the databases can be different
> projects for different companies. Each wants its own encryption key
> so that no one else can get to their at-rest data.
>
> (pg_dump files will automatically be encrypted, right?)
>
> --
> Born in Arizona, moved to Babylonia.
Ron, this sounds like a revenue opportunity: "Oh you want your own key,
well then we'll have to spin up another server just for you so you're
all separate and special-like. Way more secure that way."