Re: Application Level Encryption
От | Michel Pelletier |
---|---|
Тема | Re: Application Level Encryption |
Дата | |
Msg-id | CACxu=vLuHL10NLTQ1LfEmyqGXq4AbxBR8-2Q+CevMrFT7aDc5Q@mail.gmail.com обсуждение исходный текст |
Ответ на | RE: Application Level Encryption (Zahir Lalani <ZahirLalani@oliver.agency>) |
Ответы |
Re: Application Level Encryption
|
Список | pgsql-general |
So what Michael has posted above is actually the target. We are hosted in Google Cloud and have been told that we need to use a key manager outside of PG (Google have KMS) and that it must have a master key which is rotated regularly. We are having a debate about what to encrypt – “it must encrypt our data” – we are multi-tenanted and also we have data that is not client facing in each tenant. I worry about applying app level to all data for sheer performance reasons.
We have suggested we only encrypt what is truly client data so that we do not have to refactor everything.
The other challenge we have is the external reporting tools we use – none of these will work as, and we cannot pass them the unencrypted data.
So I wanted to understand approaches that could be taken and how to minimise performance impacts and how to manage the use of 3rd party tools
Hope that makes sense
Z
В списке pgsql-general по дате отправления: