Re: survey: psql syntax errors abort my transactions

2020-07-05 Thread raf
Jeremy Schneider wrote: > Survey for the user community here on the pgsql-general list: it would > be great if lots of people could chime in by answering two questions > about your very own production environment: > > question 1) are you worried about scripts in your production environment > wher

RE: Application Level Encryption

2020-07-05 Thread Zahir Lalani
From: Michel Pelletier Sent: 05 July 2020 23:32 To: Sam Gendler Cc: Zahir Lalani; pgsql-gene...@postgresql.org Subject: Re: Application Level Encryption On Sun, Jul 5, 2020 at 3:23 PM Sam Gendler <sgend...@ideasculptor.com> wrote: On Sun, Jul 5, 2020 at 11:41 AM Michel Pelletier ma

Re: Application Level Encryption

2020-07-05 Thread Michel Pelletier
On Sun, Jul 5, 2020 at 3:23 PM Sam Gendler wrote: > > > On Sun, Jul 5, 2020 at 11:41 AM Michel Pelletier < > pelletier.mic...@gmail.com> wrote: > >> >> >> I'm working on an approach where the decrypted DEK only lives for the >> lifetime of a transaction, this means hitting the kms on every transa

Re: Application Level Encryption

2020-07-05 Thread Sam Gendler
On Sun, Jul 5, 2020 at 11:41 AM Michel Pelletier wrote: > > > I'm working on an approach where the decrypted DEK only lives for the > lifetime of a transaction, this means hitting the kms on every transaction > that uses keys. It will be slower, but the time the decrypted key stays in > memory w

Re: Application Level Encryption

2020-07-05 Thread Michel Pelletier
On Sun, Jul 5, 2020 at 10:14 AM Zahir Lalani wrote: > > > > > So what Michael has posted above is actually the target. We are hosted in > Google Cloud and have been told that we need to use a key manager outside > of PG (Google have KMS) and that it must have a master key which is rotated > regul

RE: Application Level Encryption

2020-07-05 Thread Zahir Lalani
From: Michel Pelletier Sent: 05 July 2020 17:00 To: Zahir Lalani Cc: pgsql-gene...@postgresql.org Subject: Re: Application Level Encryption Hi Zahir, pgsodium is a new-ish encryption extension built around the libsodium encryption API. https://github.com/michelp/pgsodium It supports calling

Re: Application Level Encryption

2020-07-05 Thread Michel Pelletier
Hi Zahir, pgsodium is a new-ish encryption extension built around the libsodium encryption API. https://github.com/michelp/pgsodium It supports calling a script to load a hidden key in memory and use that key to derive other keys. There's an example shown in the documentation. I'm working on sup

Re: Application Level Encryption

2020-07-05 Thread sivapostg...@yahoo.com
HFSQL, a not-so-popular database, allows us to encrypt and password-protect every table [they term tables as files]. Without the password, those tables could not be read even through the HFSQL management centre [like pgAdmin]. Maybe such a facility is what you refer to? Sent from Yahoo Mail on Android On

Re: Application Level Encryption

2020-07-05 Thread o1bigtenor
On Sun, Jul 5, 2020 at 1:22 AM Zahir Lalani wrote: > Hello > > > > Does anyone have any serious experience of implementing app level > encryption with strong key management? > > > > If so would like to arrange an offline chat please > Others might be interested as well. Might be useful to have s