On Fri, Apr 12, 2019 at 6:34 PM Haribabu Kommi <kommi.harib...@gmail.com> wrote: > > Hi Hackers, > > I read many mail discussions in supporting data at rest encryption support in > PostgreSQL. > > I checked the discussions around full instance encryption or tablespace or > table level encryption. In my observation, all the proposals are trying to > modify > the core code to support encryption. > > I am thinking of an approach of providing tablespace level encryption support > including WAL using an extension instead of changing the core code by adding > hooks in xlogwrite and xlogread flows, reorderbuffer flows and also by adding > smgr plugin routines to support encryption and decryption of other pages. > > Definitely this approach does't work for full instance encryption. > > Any opinions/comments/problems in evaluating the encryption with an extesnion > approach? >
The discussion[1] of similar proposal might be worth to read. The proposal was adding hook in BufferSync, although for differential backup purpose. [1] https://www.postgresql.org/message-id/20051502087...@webcorp01e.yandex-team.ru Regards, -- Masahiko Sawada NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center
