Re: Disk Encryption in Production
From | Tim Spencer |
---|---|
Subject | Re: Disk Encryption in Production |
Date | |
Msg-id | F19692AF-F489-44AE-BAE9-B134380A8453@cloudpassage.com |
In reply to | Disk Encryption in Production (Carlos Espejo <carlosespejo@gmail.com>) |
List | pgsql-general |
On Mar 25, 2014, at 3:30 PM, Carlos Espejo <carlosespejo@gmail.com> wrote:

> Anybody running their PostgreSQL server from an ecryptfs container? What are the common production setups out there? What are the drawbacks that people have experienced with their solution?

We run postgres on XFS on lvm volumes put on top of cloud block devices encrypted with LUKS. It feels like a lot of layers, but it lets us add more encrypted disk space on the fly very easily (especially since I've got all this config set up in a chef cookbook). It seems to work just fine. I haven't done any testing, but I am pretty sure that it adds latency. But hey, if you need crypto, you need it. :-)

We currently store the keys to LUKS encrypted with the host's private chef key as a host attribute in the chef-server so that the key data at rest would be safe, and we have an init script that the cookbook installs early in the boot sequence that gets/decrypts the keys from chef, starts crypto up, and mounts the filesystems before postgres starts up. We've got some plans to improve this, but it's a heck of a lot better than storing them locally, and a heck of a lot cheaper than a real HSM.

Another option that we liked and tested out, but discarded because of cost, was Gazzang. They have a really slick setup. Pretty much plug n play, and work really well in the cloud, which is where we are.

The one thing that I have run into that was a problem was doing this on a loopback device mapped to a file on a host rather than directly on a real block device. We did this on some cassandra servers, and pretty quickly began seeing corruption. We never figured out where the problem was, but it was a real pain to deal with. I'd avoid doing that.

Hope that helps. Have fun!

-tspencer
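The boot-time unlock sequence the reply describes (fetch and decrypt the wrapped LUKS key, open the container, activate LVM, mount the XFS volume, then start postgres), written out as an added example that is not part of the original post. The device, VG/LV names, mount point and the key-fetch command are constructed placeholders; the decrypted key is only ever passed through a pipe, and postgres is refused a start unless the encrypted volume is really mounted.

```shell
#!/bin/sh
# Boot-time unlock sequence for a LUKS-backed PostgreSQL data volume.
# Added example, not code from the post: the device, VG/LV names and the
# attribute-fetch command are constructed placeholders. FETCH_CMD must print
# the key blob (encrypted to the node's chef client key) on stdout.
set -eu

FETCH_CMD="${FETCH_CMD:-cat /run/luks-wrapped-key}"   # hypothetical fetch
CHEF_CLIENT_KEY="${CHEF_CLIENT_KEY:-/etc/chef/client.pem}"
BLOCK_DEV="${BLOCK_DEV:-/dev/xvdf}"
MAPPER_NAME="${MAPPER_NAME:-pgdata_crypt}"
VG_NAME="${VG_NAME:-pgdata_vg}"
LV_NAME="${LV_NAME:-pgdata}"
MOUNT_POINT="${MOUNT_POINT:-/var/lib/postgresql}"

# plan: print the ordered steps, one shell command per line. The LUKS key is
# decrypted inside a pipe and handed to cryptsetup on stdin, so it never
# touches local disk. The mountpoint check keeps postgres from starting on
# the unencrypted root filesystem if an earlier step failed quietly.
plan() {
cat <<EOF
$FETCH_CMD | openssl pkeyutl -decrypt -inkey $CHEF_CLIENT_KEY | cryptsetup luksOpen --key-file - $BLOCK_DEV $MAPPER_NAME
vgchange -ay $VG_NAME
mount -t xfs /dev/$VG_NAME/$LV_NAME $MOUNT_POINT
mountpoint -q $MOUNT_POINT
service postgresql start
EOF
}

# apply: run the plan in order, aborting at the first failing step.
apply() {
    plan | while IFS= read -r step; do
        sh -c "$step" || { echo "unlock failed at: $step" >&2; exit 1; }
    done
}

# step_index PATTERN: 1-based position of the first plan line containing
# PATTERN, or 0 if absent; used to verify the ordering.
step_index() {
    plan | awk -v pat="$1" 'index($0, pat) { print NR; found = 1; exit }
                            END { if (!found) print 0 }'
}

case "${1:-plan}" in
    apply) apply ;;
    *) plan ;;
esac
```

Run it with no argument to review the plan, or with `apply` as root from the init script to execute it.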