On Fri, May 29, 2020 at 1:50 AM Masahiko Sawada <masahiko.saw...@2ndquadrant.com> wrote: > However, this usage has a downside that user secret can be logged to > server logs when log_statement = 'all' or an error happens. To deal > with this issue I've created a PoC patch on top of the key manager > patch which adds a libpq function PQencrypt() to encrypt data and new > psql meta-command named \encrypt in order to encrypt data while > eliminating the possibility of the user data being logged. > PQencrypt() just calls pg_encrypt() via PQfn(). Using this command the > above example can become as follows:
If PQfn() calls aren't currently logged, that's probably more of an oversight due to the feature being almost dead than something upon which we want to rely. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
