Hello, I think this is a very interesting topic, especially for European companies where data sovereignty in the cloud has become critical.
If I understand correctly, the idea is to split users into 'client users' who can see data unencrypted, and 'server users', who are administrators unable to decrypt data. A few questions: - how are secrets managed? Do you use a sort of vault to keep encryption keys? Is there a master key to encrypt session keys? - what about performances? Is it possible to use indexes on encrypted columns? Hi all, > > We have developed an extension, allowing PostgreSQL to run queries over > encrypted data. This functionality is achieved via user-defined functions > that extend encrypted data types and support commonly used expression > operations. Our tests validated its effectiveness with TPC-C and TPC-H > benchmarks. You may find the code here: https://github.com/SJTU-IPADS/HEDB > . > > This PoC is a reimplementation fork while collaborating with a cloud > database company; the aim is to enable their DBAs to manage databases > without the risk of data leaks, *meeting the requirements of laws such as > GDPR.* > > I am wondering if anyone thinks this is a nice feature. If so, I am > curious about the steps to further it mature and potentially have it > incorporated as a part of PostgreSQL contrib. > > Best regards, > Mingyu Li > -- best regards Giampaolo Capelli
