Hi,
> the idea is to split users into 'client users' who can see data unencrypted, and 'server users', who are administrators unable to decrypt data.
Exactly!
> how are secrets managed? Do you use a sort of vault to keep encryption keys?
Good question. The client holds the key and uses a proxy for transparent encryption. The implementation also assumes secure storage of encryption keys in hardware-protected memory called "enclaves". Only client users and server enclaves have access to the plaintext. Please take a glance at page 5 of the slides:
www.usenix.org/system/files/osdi23_slides_li_mingyu_v2.pdf. Modern clouds like OVH and Azure now offer hardware enclaves. If enclaves are not available, a rich client-side proxy can be used, with extra round-trip costs.
> Is there a master key to encrypt session keys?
There should be.
> what about performance?
TPC-C overhead is <50%. TPC-H overhead ranges from 5 to 20 times the baseline; there is room for TPC-H improvement and we are working on it.
> Is it possible to use indexes on encrypted columns?
Yes. The extension allows client users to intentionally reveal the ordering of encrypted columns for indexing purposes.
--
Best,
Mingyu