Matthias van de Meent <boekewurm+postg...@gmail.com> wrote: > On Mon, 11 Apr 2022 at 10:05, Antonin Houska <a...@cybertec.at> wrote: > > > > There are't really that many kinds of files to encrypt: > > > > https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#List_of_the_files_that_contain_user_data > > > > (And pg_stat/* files should be removed from the list.) > > I was looking at that list of files that contain user data, and > noticed that all relation forks except the main fork were marked as > 'does not contain user data'. To me this seems not necessarily true: > AMs do have access to forks for user data storage as well (without any > real issues or breaking the abstraction), and the init-fork is > expected to store user data (specifically in the form of unlogged > sequences). Shouldn't those forks thus also be encrypted-by-default, > or should we provide some other method to ensure that non-main forks > with user data are encrypted?
Thanks. I've updated the wiki page (also included Robert's comments). -- Antonin Houska Web: https://www.cybertec-postgresql.com
