Re: Encryption / Decryption via PGCrypto
From | Evan Bauer |
---|---|
Subject | Re: Encryption / Decryption via PGCrypto |
Date | |
Msg-id | 95B4AD74-4749-4018-A2F9-93C550E52E69@mac.com |
In response to | Re: Encryption / Decryption via PGCrypto (Stéphane KANSCHINE <stephane@hexack.fr>) |
List | pgsql-admin |
All depends on how secure you want to be in the event of a hostile network penetration. If the answer is “very”, consider using a key management solution — either software (I like HashiCorp Vault) or dedicated HSM hardware from someone like Gemalto or Thales. Having the key on a separate server doesn’t help if the application server is compromised.

Cheers,

Evan

Sent from my iPhone

> On Oct 24, 2018, at 05:00, Stéphane KANSCHINE <stephane@hexack.fr> wrote:
>
> Hi,
>
> On Wed. Oct 24, around 08:27, Anjul Tyagi wrote:
>>
>> We are implementing pgcrypto in our database to encrypt and decrypt the
>> column data. For testing purposes we have generated the PGP public / private
>> key and use those when we read and write data.
>>
>> How can we secure the key? If we keep the key outside, how can we use that
>> in a query?
>
> We keep the private key on the app server. It communicates with postgres
> through SSL and postgres logs aren't too verbose in order to avoid key
> exposition.
>
> If there's a better way, I'm curious of it.
>
> Regards,
> --
> Stéphane KANSCHINE - https://www.hexack.fr./ - https://www.nuajik.io./
> @ stephane@hexack.fr
> +33 6 64 31 72 52
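
The arrangement described in the quoted reply (private key held outside the database and handed to pgcrypto per query), sketched as an added example that is not part of the original thread or written by any of its participants. The table, column and statement names are hypothetical; the application driver is assumed to bind `$1`..`$3` as parameters rather than splicing key text into the SQL string.

```sql
-- Added example. customer_secret, put_secret and get_secret are hypothetical names.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE customer_secret (
    id      bigserial PRIMARY KEY,
    payload bytea NOT NULL   -- OpenPGP message produced by pgp_pub_encrypt
);

-- Write path: only the public key is needed to encrypt.
--   $1 = plaintext, $2 = ASCII-armored public key
PREPARE put_secret(text, text) AS
    INSERT INTO customer_secret (payload)
    VALUES (pgp_pub_encrypt($1, dearmor($2)))
    RETURNING id;

-- Read path: the private key never rests in the database. The application
-- supplies it on each call, so it crosses the connection and is held in
-- server memory while pgp_pub_decrypt runs.
--   $1 = row id, $2 = ASCII-armored private key, $3 = key passphrase
PREPARE get_secret(bigint, text, text) AS
    SELECT pgp_pub_decrypt(payload, dearmor($2), $3) AS plaintext
    FROM customer_secret
    WHERE id = $1;

-- Check 1: this session is actually encrypted, since the key travels over it.
SELECT ssl, version, cipher
FROM pg_stat_ssl
WHERE pid = pg_backend_pid();

-- Check 2: statement logging will not capture the key.
-- log_statement should be 'none' and log_min_duration_statement should be -1;
-- when either logs a statement, its text and bind values go to the server log.
SHOW log_statement;
SHOW log_min_duration_statement;
```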