On Thu, Feb 7, 2019 at 3:28 AM Masahiko Sawada <sawada.m...@gmail.com> wrote: > WAL encryption will follow as an additional feature.
I don't think WAL encryption is an optional feature. You can argue about whether it's useful to encrypt the disk files in the first place given that there's no privilege boundary between the OS user and the database, but a lot of people seem to think it is and maybe they're right. However, who can justify encrypting only SOME of the disk files and not others? I mean, maybe you could justify not encryption the SLRU files on the grounds that they probably don't leak much in the way of interesting information, but the WAL files certainly do -- your data is there, just as much as in the data files themselves. To be honest, I think there is a lot to like about the patches Cybertec has proposed. Those patches don't have all of the fancy key-management stuff that you are proposing here, but maybe that stuff, if we want it, could be added, rather than starting over from scratch. It seems to me that those patches get a lot of things right. In particular, it looked to me when I looked at them like they made a pretty determined effort to encrypt every byte that might go down to the disk. It seems to me that you if you want encryption, you want that. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company