On Fri, Jun 14, 2019 at 02:12:07AM +0200, Tomas Vondra wrote: > FWIW my assumption was that we could just add an "encrypted" flag into > the main XLogRecord header, and then an extra part with important > encryption-related data - the key, and the important metadata needed by > external tools (e.g. relfilenode/block, needed by pg_waldump). > > Then we wouldn't need to reshuffle the WAL, I think.
I was thinking we would just encrypt the entire WAL file, and use the WAL file name as the IV. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
