On Mon, Sep 30, 2019 at 5:26 PM Bruce Momjian <br...@momjian.us> wrote: > For full-cluster Transparent Data Encryption (TDE), the current plan is > to encrypt all heap and index files, WAL, and all pgsql_tmp (work_mem > overflow). The plan is: > > > https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#TODO_for_Full-Cluster_Encryption > > We don't see much value to encrypting vm, fsm, pg_xact, pg_multixact, or > other files. Is that correct? Do any other PGDATA files contain user > data?
As others have said, that sounds wrong to me. I think you need to encrypt everything. I'm not sold on the comments that have been made about encrypting the server log. I agree that could leak data, but that seems like somebody else's problem: the log files aren't really under PostgreSQL's management in the same way as pg_clog is. If you want to secure your logs, send them to syslog and configure it to do whatever you need. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
