On Thu, Oct 03, 2019 at 10:26:15AM -0400, Robert Haas wrote:
> On Tue, Oct 1, 2019 at 12:19 PM Bruce Momjian <br...@momjian.us> wrote:
> > Just to give more detail. Initially, there was a desire to store
> > keys in only one place, either in the file system or in database
> > tables. However, it became clear that the needs of booting the
> > server and crash recovery required file system keys, and
> > per-user/db keys were best done at the SQL level, so that indexing
> > can be used, and logical dumps contain the locked keys. SQL-level
> > storage allows databases to be completely independent of other
> > databases in terms of key storage and usage.
>
> Wait, we're going to store the encryption keys with the database?

Encryption keys are fine there so long as decryption keys are separate.

Best,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate