Stephen Frost <sfrost@snowman.net> writes:
> * David Hedberg (david.hedberg@gmail.com) wrote:
>> The idea is to add a --pipe option to pg_dump / pg_restore where you
>> can specify a custom shell command that is used to write / read each
>> .dat-file. Usage examples include encryption with pgp and/or custom
>> compression pipelines. %p in the command is expanded to the path to
>> write to / read from. The pipe command is not applied to the toc.
> I would certainly think that we'd want to have support for custom format
> dumps too..
This seems like rather a kluge :-(. In the context of encrypted dumps
in particular, I see no really safe way to pass an encryption key down
to the custom command --- either you put it in the command line to be
exec'd, or you put it in the process environment, and neither of those
are secure on all platforms.
The assumption that the TOC doesn't need encryption seems pretty
shaky as well.
So I think we'd be better off proceeding as Stephen envisions.
Maybe there are use-cases for the sort of thing David is proposing,
but I don't think encrypted dumps present a good argument for it.
regards, tom lane