On 2019-Jul-05, Stephen Frost wrote:

> I had been specifically thinking of tablespaces because we might be able
> to do something exactly along these lines- keep which tablespace the
> data is in directly in the WAL (and not encrypted), but then have the
> data itself be encrypted, and with the key for that tablespace.

Hmm, I was imagining that the user-level data is encrypted, while the
metadata such as the containing relfilenode is not encrypted and thus can
be read by system processes such as checkpointer or WAL-apply without
needing to decrypt anything. Maybe I'm just lacking imagination for an
attack that uses that unencrypted metadata, though.

> Splitting the WAL by tablespace would be even nicer, of course... :)

Hmm, I think you would have to synchronize the apply anyway (i.e. not
replay in one tablespace ahead of a record in another tablespace with an
earlier LSN.) What are you thinking are the gains of doing that, anyway?

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
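The design sketched in this exchange (plaintext routing metadata in the WAL record, payload encrypted under a per-tablespace key, and apply that must still follow LSN order even if the stream is split by tablespace) can be modelled in a few dozen lines. The following is an added example written for this page; it is not code from the thread, from PostgreSQL, or from any TDE patch, and its record layout (`Header`, `Record`, a 16-byte big-endian header), its key table (`DemoKeys`, one AES-128 key per tablespace OID) and its sample records (`DemoWAL`) are all constructed for the illustration. It goes one step beyond the thread by feeding the plaintext header to AES-GCM as associated data, so a record cannot be silently re-pointed at another relfilenode or tablespace; that binding is a design choice of the example, not something either participant proposed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"sort"
)

// Header is the part of a toy WAL record that stays in plaintext: enough for
// a process holding no tablespace key to route and order the record.
type Header struct {
	LSN         uint64
	Tablespace  uint32
	Relfilenode uint32
}

// Record carries the plaintext Header plus a payload sealed with AES-GCM under
// the key of Hdr.Tablespace. The encoded header is the GCM associated data, so
// altering it (e.g. changing Relfilenode) makes authentication fail on replay.
type Record struct {
	Hdr   Header
	Nonce []byte
	Body  []byte // ciphertext || GCM tag
}

func encodeHeader(h Header) []byte {
	buf := make([]byte, 16)
	binary.BigEndian.PutUint64(buf[0:8], h.LSN)
	binary.BigEndian.PutUint32(buf[8:12], h.Tablespace)
	binary.BigEndian.PutUint32(buf[12:16], h.Relfilenode)
	return buf
}

func aeadFor(keys map[uint32][]byte, ts uint32) (cipher.AEAD, error) {
	key, ok := keys[ts]
	if !ok {
		return nil, fmt.Errorf("no key for tablespace %d", ts)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal produces a record whose payload only the tablespace key can read.
func Seal(keys map[uint32][]byte, h Header, payload []byte) (Record, error) {
	aead, err := aeadFor(keys, h.Tablespace)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	return Record{Hdr: h, Nonce: nonce, Body: aead.Seal(nil, nonce, payload, encodeHeader(h))}, nil
}

// Open decrypts a record; it fails if the body or the plaintext header was altered.
func Open(keys map[uint32][]byte, r Record) ([]byte, error) {
	aead, err := aeadFor(keys, r.Hdr.Tablespace)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, r.Nonce, r.Body, encodeHeader(r.Hdr))
}

// RouteByTablespace is what a keyless process (checkpointer-like) can do with
// the plaintext header alone: split one WAL stream into per-tablespace streams.
// It never touches Body.
func RouteByTablespace(wal []Record) map[uint32][]Record {
	streams := map[uint32][]Record{}
	for _, r := range wal {
		streams[r.Hdr.Tablespace] = append(streams[r.Hdr.Tablespace], r)
	}
	return streams
}

// ReplayInLSNOrder merges per-tablespace streams back into a single apply order
// by LSN and decrypts each record with its tablespace key: the synchronization
// point raised above, since applying a stream on its own could run tablespace A
// ahead of a lower-LSN record in tablespace B.
func ReplayInLSNOrder(keys map[uint32][]byte, streams map[uint32][]Record) ([]string, error) {
	var all []Record
	for _, s := range streams {
		all = append(all, s...)
	}
	sort.Slice(all, func(i, j int) bool { return all[i].Hdr.LSN < all[j].Hdr.LSN })
	var applied []string
	for _, r := range all {
		pt, err := Open(keys, r)
		if err != nil {
			return applied, fmt.Errorf("LSN %d: %w", r.Hdr.LSN, err)
		}
		applied = append(applied, fmt.Sprintf("lsn=%d ts=%d rel=%d %s", r.Hdr.LSN, r.Hdr.Tablespace, r.Hdr.Relfilenode, pt))
	}
	return applied, nil
}

// DemoKeys returns constructed AES-128 keys, one per tablespace OID (assumption
// of this example: exactly one key per tablespace).
func DemoKeys() map[uint32][]byte {
	return map[uint32][]byte{1663: []byte("ts1663-key-12345"), 16385: []byte("ts16385-key-1234")}
}

// DemoWAL builds a constructed stream: changes to two tablespaces with
// interleaved LSNs, as they would arrive in one physical WAL.
func DemoWAL(keys map[uint32][]byte) ([]Record, error) {
	spec := []struct {
		h  Header
		pl string
	}{
		{Header{100, 1663, 16384}, "insert into t1"},
		{Header{101, 16385, 24576}, "insert into t2"},
		{Header{102, 1663, 16384}, "update t1"},
		{Header{103, 16385, 24576}, "delete from t2"},
	}
	var wal []Record
	for _, s := range spec {
		r, err := Seal(keys, s.h, []byte(s.pl))
		if err != nil {
			return nil, err
		}
		wal = append(wal, r)
	}
	return wal, nil
}

func main() {
	keys := DemoKeys()
	wal, _ := DemoWAL(keys)
	applied, err := ReplayInLSNOrder(keys, RouteByTablespace(wal))
	fmt.Println(applied, err)
}
```

Two things the toy makes visible: `RouteByTablespace` works with no key at all, which is exactly what the plaintext header buys a system process, and it is also exactly what an observer of the WAL learns (which tablespace and relfilenode changed, and when); and `ReplayInLSNOrder` has to re-merge the split streams before applying, so splitting buys storage or routing flexibility rather than independent replay.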