On Thu, Jun 13, 2019 at 09:14:13PM -0400, Bruce Momjian wrote:
> On Mon, Jun 3, 2019 at 12:04:54PM -0400, Robert Haas wrote:
> >
> > What I'm talking about here is that it also has to be reasonably
> > possible to write an encryption key command that does something
> > useful. I don't have a really clear vision for how that's going to
> > work. Nobody wants the server, which is probably being launched by
> > pg_ctl or systemd or both, to prompt using its own stdin/stderr, but
> > the we need to think about how the prompting is actually going to
> > work. One idea is to do it via the FEBE protocol: connect to the
> > server using libpq, issue a new command that causes the server to
> > enter COPY mode, and then send the encryption key as COPY data.
> > However, that idea doesn't really work, because we've got to be able
> > to get the key before we run recovery or reach consistency, so the
> > server won't be listening for connections at that point. Also, we've
> > got to have a way for this to work in single-user mode, which also
> > can't listen for connections. It's probably all fine if your
> > encryption key command is something like 'curl
> > https://my.secret.keyserver.me/sekcret.key' because then there's an
> > external server which you can just go access - but I don't quite
> > understand how you'd do interactive prompting from here. Sorry to get
> > hung up on what may seem like a minor point, but I think it's actually
> > fairly fundamental: we've got to have a clear vision of how end-users
> > will really be able to make use of this.
>
> pgcryptoey has an example of prompting from /dev/tty:
>
> http://momjian.us/download/pgcryptokey/
>
> Look at pgcryptokey_default.sample.
Also, look at pgcryptokey_default.c and its use with
shared_preload_libraries for a full example of prompting on server boot.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +