Re: Enquiry about TDE with PgSQL
| От | Bruce Momjian |
|---|---|
| Тема | Re: Enquiry about TDE with PgSQL |
| Дата | |
| Msg-id | aQjRwvAWApnh8Xk1@momjian.us обсуждение исходный текст |
| Ответ на | Re: Enquiry about TDE with PgSQL (rainer@ultra-secure.de) |
| Ответы |
Re: Enquiry about TDE with PgSQL
|
| Список | pgsql-general |
On Mon, Nov 3, 2025 at 04:39:45PM +0100, rainer@ultra-secure.de wrote: > Am 2025-11-03 16:08, schrieb Bruce Momjian: > > > Is it the Oracle API they don't like, that Postgres can improve upon, or > > something fundamental they don't like, or don't see the value in? > > > I am not sure. > > It just complicates everything. > Documentation isn't thin, it's skeletal. Okay, these are things we can improve on. It think the API of my final posted patch had a pretty simple API, but pushing that API out to external tools will add complexity I didn't implement, and that complexity could be a reason to reject TDE. > And of course, actual support from the HSM-vendor for this use-case is > non-existent. > Same for Oracle. Yes, my patch used shell scripts --- not sure if that is good or bad. I will admit that companies are better at integrating with external vendors, particulary hardware vendors. There is an organization mismatch betwween the community and companies, and the community basically forces companies to intract on community terms --- companies are a more natural iteraction for other companies. > > As far as I know, there are two ways to generate the data encryption > > key. One is for the HSM to generate it, and then only the HSM knows it. > > The other method is to create the encryption key on a USB memory stick, > > copy the key into the HSM, and then remove the USB memory stick and > > store it in a secure location like a safe. The second method seems like > > a better option to me. Oh, and make a second copy of the USB memory > > stick. > > > The keys are generated on the HSM. > There's HSM client you've got to install that manages the communication to > the HSM. > > The HSM should be backed up, too. Which is only possible by connecting > physically to it with a notebook and inserting an USB stick. The problem is that if anything happens with the HSM, you are stuck. The HSM adds an additional risk. > Which begs the question: where do you source an USB stick with the same > trust-level as the 20k-a-pop HSM? I don't know. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.
В списке pgsql-general по дате отправления: