Re: "WIP: Data at rest encryption" patch and, PostgreSQL 11-beta3
From | Bruce Momjian |
---|---|
Subject | Re: "WIP: Data at rest encryption" patch and, PostgreSQL 11-beta3 |
Date | |
Msg-id | 20190706023307.dt2nh2l42i7ahu4m@momjian.us |
In response to | Re: "WIP: Data at rest encryption" patch and, PostgreSQL 11-beta3 (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>) |
List | pgsql-hackers |

On Tue, Jun 25, 2019 at 02:28:00PM +0200, Peter Eisentraut wrote:
> On 2019-06-17 11:23, Antonin Houska wrote:
> > I'm thinking how to teach postmaster to accept FEBE protocol connections
> > temporarily, just to receive the key. The user applications like pg_ctl,
> > initdb or pg_upgrade would retrieve the key / password from the DBA, then
> > start postmaster and send it the key.
> >
> > Perhaps the message format should be a bit generic so that extensions like
> > this can use it to receive their keys too.
> >
> > (The idea of an unix socket or named pipe I proposed upthread is not good
> > because it's harder to implement in a portable way.)
>
> How are the requirements here different from ssl_passphrase_command?
> Why do we need a new mechanism?

Agreed. My pgcryptokey prompting shell script was mostly a
proof-of-concept.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +