On Sun, Dec 17, 2023 at 06:30:50AM +0000, Chris Travers wrote:
> Hi,
>
> I was re-reading the patches here and there was one thing I didn't understand.
>
> There are provisions for a separation of data encryption keys for primary and replica I see, and these share a single
WALkey.
>
> But if I am setting up a replica from the primary, and the primary is already encrypted, then do these forceably
sharethe same data encrypting keys? Is there a need to have (possibly in a follow-up patch) an ability to decrypt and
re-encryptin pg_basebackup (which would need access to both keys) or is this handled already and I just missed it?
Yes, decrypt and re-encrypt in pg_basebackup would be necessary, or in
the actual protocol stream.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
Only you can decide what is important to you.