Re: Proposed patch for key managment

Mon, 14 Dec 2020 15:06:43 -0800 

On Wed, Dec  2, 2020 at 04:38:14PM -0500, Bruce Momjian wrote:
> Attached is a patch for key management, which will eventually be part of
> cluster file encryption (CFE), called TDE (Transparent Data Encryption)
> by Oracle.  It is an update of Masahiko Sawada's patch from July 31:
> 
>       
> https://www.postgresql.org/message-id/ca+fd4k6rjwnvztro3q2f5hsdd8hgyuc4cuy9u3e6ran4c6t...@mail.gmail.com
> 
> Sawada-san did all the hard work, and I just redirected the patch.  The
> general outline of this CFE feature can be seen here:
> 
>       https://wiki.postgresql.org/wiki/Transparent_Data_Encryption
> 
> The currently planned progression for this feature is to allow secure
> retrieval of key encryption keys (KEK) outside of the database, then use
> those to encrypt data keys that encrypt heap/index/tmpfile files.
...
> If most people approve of this general approach, and the design
> decisions made, I would like to apply this in the next few weeks, but
> this brings complications.  The syntax added by this commit might not
> provide a useful feature until PG 15, so how do we hide it from users. 
> I was thinking of not applying the doc changes (or commenting them out)
> and commenting out the --help output.

I am getting close to applying these patches, probably this week.  The
patches are cumulative:

        https://github.com/postgres/postgres/compare/master...bmomjian:key.diff
        
https://github.com/bmomjian/postgres/compare/key...bmomjian:key-alter.diff

I do have a few questions:

        Why is KmgrShmemData a struct, when it only has a single member?  Are
        all shared memory areas structs?
        
        Should pg_altercpass be using fsync's for directory renames?
        
        Can anyone test this on Windows, particularly -R handling?
        
        What testing infrastructure should this have?
        
        There are a few shell script I should include to show how to create
        commands.  Where should they be stored?  /contrib module?
        
        Are people okay with having the feature enabled, but invisible
        since the docs and --help output are missing?  When we enable
        ssl_passphrase_command to prompt from the terminal, some of the
        command-line options will be useful.

        Do people like the command-letter choices?

        I called the alter passphrase utility pg_altercpass.  I could
        have called it pg_clusterpass, but I wanted to highlight it is
        only for changing the passphrase, not for creating them.

-- 
  Bruce Momjian  <br...@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee

Reply via email to