Re: [GENERAL] Postgres Data Encryption Using LUKS with dm-crypt ?

On 06/19/2017 12:40 AM, Scott Marlowe wrote:
> On Sun, Jun 18, 2017 at 2:20 PM, Condor <condor@stz-bg.com> wrote:
>> What I should expect, what is good and bad things that can be happened.

I've run Postgres on a LUKS volume for a few years now and it's all been
pretty quiet. One challenge is you need to supply the password if the
server restarts. Automating that in a way that doesn't simply reveal the
password is tricky.

I'm not using RAID, so I can't speak to combing LUKS + RAID.

If you are on AWS, nowadays they have encrypted EBS volumes which will
do all this for you automatically. If I were setting up this system
today that's probably what I would have used.

 > I think the only real test here is to build a luks system, initiate
 > some pgbench type runs, wait a minute, run checkpoint and then yank
 > out the plug. Run a dozen or so times looking for data corruption.

I think this is really the right answer!

Paul