Re: [HACKERS] WIP: Data at rest encryption

On 6/13/17 18:11, Stephen Frost wrote:
>> Let's see a proposal in those terms then.  How easy can you make it,
>> compared to existing OS-level solutions, and will that justify the
>> maintenance overhead?
> From the original post on this thread, which included a WIP patch:
> 
> ----------------------------------
> Usage
> =====
> 
> Set up database like so:
> 
>     (read -sp "Postgres passphrase: " PGENCRYPTIONKEY; echo;
>      export PGENCRYPTIONKEY
>      initdb -k -K pgcrypto $PGDATA )
> 
> Start PostgreSQL:
> 
>     (read -sp "Postgres passphrase: " PGENCRYPTIONKEY; echo;
>      export PGENCRYPTIONKEY
>      postgres $PGDATA )
> ----------------------------------

Relying on environment variables is clearly pretty crappy.  So if that's
the proposal, then I think it needs to be better.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services