Here is a status report of where I think we are with cluster file
encryption.
The last patch for temporary file I/O centralization is from April 20:
https://www.postgresql.org/message-id/24759.1650466826@antos
Once that is done I can modify my patch set to switch from CTR to XTS
mode and hook into the temporary file I/O centralization code. After
that, we need to work on the WAL encryption code and tool support.
Replication must also be handled.
I think once the temporary file I/O centralization is done we can
consider putting some of my patch set into the tree once PG 16 opens for
development --- the first step might be the key management feature.
I have updated my cluster file encryption presentation to show diagrams
of the architecture:
https://momjian.us/main/writings/pgsql/cfe.pdf
Hopefully that helps.
--
Bruce Momjian <[email protected]> https://momjian.us
EDB https://enterprisedb.com
Indecision is a decision. Inaction is an action. Mark Batterson
