Re: Moving forward with TDE
| От | Bruce Momjian |
|---|---|
| Тема | Re: Moving forward with TDE |
| Дата | |
| Msg-id | ZYshmKIqP9GR1rzX@momjian.us обсуждение исходный текст |
| Ответ на | Re: Moving forward with TDE (Chris Travers <chris.travers@gmail.com>) |
| Список | pgsql-hackers |
On Sun, Dec 17, 2023 at 06:30:50AM +0000, Chris Travers wrote: > Hi, > > I was re-reading the patches here and there was one thing I didn't understand. > > There are provisions for a separation of data encryption keys for primary and replica I see, and these share a single WALkey. > > But if I am setting up a replica from the primary, and the primary is already encrypted, then do these forceably sharethe same data encrypting keys? Is there a need to have (possibly in a follow-up patch) an ability to decrypt and re-encryptin pg_basebackup (which would need access to both keys) or is this handled already and I just missed it? Yes, decrypt and re-encrypt in pg_basebackup would be necessary, or in the actual protocol stream. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you.
В списке pgsql-hackers по дате отправления: