Re: Value of Transparent Data Encryption (TDE)

From: David Fetter
Subject: Re: Value of Transparent Data Encryption (TDE)
Msg-id: 20191003205517.GM26480@fetter.org
In reply to: Re: Value of Transparent Data Encryption (TDE)  (Robert Haas <robertmhaas@gmail.com>)
List: pgsql-hackers

On Thu, Oct 03, 2019 at 10:26:15AM -0400, Robert Haas wrote:
> On Tue, Oct 1, 2019 at 12:19 PM Bruce Momjian <bruce@momjian.us> wrote:
> > Just to give more detail.  Initially, there was a desire to store
> > keys in only one place, either in the file system or in database
> > tables.  However, it became clear that the needs of booting the
> > server and crash recovery required file system keys, and
> > per-user/db keys were best done at the SQL level, so that indexing
> > can be used, and logical dumps contain the locked keys.  SQL-level
> > storage allows databases to be completely independent of other
> > databases in terms of key storage and usage.
> 
> Wait, we're going to store the encryption keys with the database?

Encryption keys are fine there so long as decryption keys are
separate.

Best,
David.
-- 
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate


