PostGreSQL TDE encryption patch
Hi,
We are migrating our product to PostGreSQL from Oracle and as part of HIPPA(
https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act)
guidelines, we have a requirement to encrypt entire tablespace/specific
tables using Transparent data encryption(TDE).
I was looking at TDE solution in PostGreSQL and went through following wiki:
https://wiki.postgresql.org/wiki/Transparent_Data_Encryption
I found following TDE patch from this wiki:
/messages/by-id/CAD21AoBjrbxvaMpTApX1cEsO=8N=nc2xVZPB0d9e-VjJ=YaRnw@mail.gmail.com
However, I am not sure how to apply this patch and I had the
following questions:
1. We are using PostGreSQL 12. Is it possible to apply patches on top of
existing PostGreSQL installation?
2. Will it be available anytime sooner with a major release like PostGreSQL
13?
Regards,
Chirag.
Hi
CYBERTEC provided good installation guide (https://www.cybertec-postgresql.com/en/products/postgresql-transparent-data-encryption/).
Here is their answer to your question :
Q: Can I upgrade to an encrypted database?
A: In place encryption of existing clusters is currently not supported. A dump and reload to an encrypted instance is required, or logical replication can be used to perform the migration online.
Regards,
Patrick Fiche
Database Engineer, Aqsacom Sas.
c. 33 6 82 80 69 96
[01-03_AQSA_Main_Corporate_Logo_JPEG_White_Low.jpg]<http://www.aqsacom.com/>
From: Bhalodiya, Chirag <chirag.bhalodiya@contractors.roche.com>
Sent: Thursday, June 25, 2020 9:50 AM
To: pgsql-general@postgresql.org
Subject: PostGreSQL TDE encryption patch
Hi,
We are migrating our product to PostGreSQL from Oracle and as part of HIPPA(https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act) guidelines, we have a requirement to encrypt entire tablespace/specific tables using Transparent data encryption(TDE).
I was looking at TDE solution in PostGreSQL and went through following wiki:
https://wiki.postgresql.org/wiki/Transparent_Data_Encryption
I found following TDE patch from this wiki:
/messages/by-id/CAD21AoBjrbxvaMpTApX1cEsO=8N=nc2xVZPB0d9e-VjJ=YaRnw@mail.gmail.com
However, I am not sure how to apply this patch and I had the following questions:
1. We are using PostGreSQL 12. Is it possible to apply patches on top of existing PostGreSQL installation?
2. Will it be available anytime sooner with a major release like PostGreSQL 13?
Regards,
Chirag.
Attachments:
image002.pngimage/png; name=image002.pngDownload
Hi Patrick,
Thanks for the information. I was looking for out of box postgre solution
so wanted to know how to apply following patch on top of my postgre 12
installation:
/messages/by-id/CAD21AoBjrbxvaMpTApX1cEsO=8N=nc2xVZPB0d9e-VjJ=YaRnw@mail.gmail.com
Regards,
Chirag.
On Thu, Jun 25, 2020 at 3:33 PM Patrick FICHE <Patrick.Fiche@aqsacom.com>
wrote:
Show quoted text
Hi
CYBERTEC provided good installation guide (
https://www.cybertec-postgresql.com/en/products/postgresql-transparent-data-encryption/
).Here is their answer to your question :
*Q: Can I upgrade to an encrypted database?*
A: In place encryption of existing clusters is currently not supported. A
dump and reload to an encrypted instance is required, or logical
replication can be used to perform the migration online.Regards,
*Patrick Fiche*
Database Engineer, Aqsacom Sas.
*c.* 33 6 82 80 69 96
[image: 01-03_AQSA_Main_Corporate_Logo_JPEG_White_Low.jpg]
<http://www.aqsacom.com/>*From:* Bhalodiya, Chirag <chirag.bhalodiya@contractors.roche.com>
*Sent:* Thursday, June 25, 2020 9:50 AM
*To:* pgsql-general@postgresql.org
*Subject:* PostGreSQL TDE encryption patchHi,
We are migrating our product to PostGreSQL from Oracle and as part of
HIPPA(
https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act)
guidelines, we have a requirement to encrypt entire tablespace/specific
tables using Transparent data encryption(TDE).I was looking at TDE solution in PostGreSQL and went through following
wiki:https://wiki.postgresql.org/wiki/Transparent_Data_Encryption
I found following TDE patch from this wiki:
/messages/by-id/CAD21AoBjrbxvaMpTApX1cEsO=8N=nc2xVZPB0d9e-VjJ=YaRnw@mail.gmail.com
However, I am not sure how to apply this patch and I had the
following questions:1. We are using PostGreSQL 12. Is it possible to apply patches on top of
existing PostGreSQL installation?2. Will it be available anytime sooner with a major release like
PostGreSQL 13?Regards,
Chirag.
Attachments:
image002.pngimage/png; name=image002.pngDownload
On Thu, Jun 25, 2020 at 04:20:06PM +0530, Bhalodiya, Chirag wrote:
Hi Patrick,
Thanks for the information. I was looking for out of box postgre solution so
wanted to know how to apply following patch on top of my postgre 12
installation:
https://www.postgresql.org/message-id/
CAD21AoBjrbxvaMpTApX1cEsO%3D8N%3Dnc2xVZPB0d9e-VjJ%3DYaRnw%40mail.gmail.com��
The patch is for developers and not for production use.
---------------------------------------------------------------------------
Regards,
Chirag.��On Thu, Jun 25, 2020 at 3:33 PM Patrick FICHE <Patrick.Fiche@aqsacom.com>
wrote:Hi
�
CYBERTEC provided good installation guide (https://
www.cybertec-postgresql.com/en/products/
postgresql-transparent-data-encryption/).�
Here is their answer to your question :
Q: Can I upgrade to an encrypted database?
A: In place encryption of existing clusters is currently not supported. A
dump and reload to an encrypted instance is required, or logical
replication can be used to perform the migration online.�
Regards,
�
Patrick Fiche
Database Engineer, Aqsacom Sas.
c. 33 6 82 80 69 96
�
01-03_AQSA_Main_Corporate_Logo_JPEG_White_Low.jpg
�
From: Bhalodiya, Chirag <chirag.bhalodiya@contractors.roche.com>
Sent: Thursday, June 25, 2020 9:50 AM
To: pgsql-general@postgresql.org
Subject: PostGreSQL TDE encryption patch�
Hi,
�
We are migrating our product to PostGreSQL from Oracle and as part of HIPPA
(https://en.wikipedia.org/wiki/
Health_Insurance_Portability_and_Accountability_Act) guidelines, we have a
requirement to encrypt entire tablespace/specific tables using Transparent
data encryption(TDE).�
I was looking at TDE solution in PostGreSQL and went through following
wiki:https://wiki.postgresql.org/wiki/Transparent_Data_Encryption�
�
I found following TDE patch from this wiki:��
https://www.postgresql.org/message-id/
CAD21AoBjrbxvaMpTApX1cEsO%3D8N%3Dnc2xVZPB0d9e-VjJ%3DYaRnw%40mail.gmail.com
���
However, I am not sure how to apply this patch and I had the
following�questions:1. We are using PostGreSQL 12. Is it possible to apply patches on top of
existing PostGreSQL installation?2. Will it be available anytime sooner with a major release like PostGreSQL
13?��
Regards,
Chirag.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EnterpriseDB https://enterprisedb.com
The usefulness of a cup is in its emptiness, Bruce Lee
Ok, thanks for the clarification.
On Thu, Jun 25, 2020 at 11:35 PM Bruce Momjian <bruce@momjian.us> wrote:
Show quoted text
On Thu, Jun 25, 2020 at 04:20:06PM +0530, Bhalodiya, Chirag wrote:
Hi Patrick,
Thanks for the information. I was looking for out of box postgre
solution so
wanted to know how to apply following patch on top of my postgre 12
installation:
https://www.postgresql.org/message-id/
CAD21AoBjrbxvaMpTApX1cEsO%3D8N%3Dnc2xVZPB0d9e-VjJ%3DYaRnw%40mail.gmail.com
The patch is for developers and not for production use.
---------------------------------------------------------------------------
Regards,
Chirag.On Thu, Jun 25, 2020 at 3:33 PM Patrick FICHE <Patrick.Fiche@aqsacom.com
wrote:
Hi
CYBERTEC provided good installation guide (https://
www.cybertec-postgresql.com/en/products/
postgresql-transparent-data-encryption/).Here is their answer to your question :
Q: Can I upgrade to an encrypted database?
A: In place encryption of existing clusters is currently notsupported. A
dump and reload to an encrypted instance is required, or logical
replication can be used to perform the migration online.Regards,
Patrick Fiche
Database Engineer, Aqsacom Sas.
c. 33 6 82 80 69 96
01-03_AQSA_Main_Corporate_Logo_JPEG_White_Low.jpg
From: Bhalodiya, Chirag <chirag.bhalodiya@contractors.roche.com>
Sent: Thursday, June 25, 2020 9:50 AM
To: pgsql-general@postgresql.org
Subject: PostGreSQL TDE encryption patchHi,
We are migrating our product to PostGreSQL from Oracle and as part
of HIPPA
(https://en.wikipedia.org/wiki/
Health_Insurance_Portability_and_Accountability_Act) guidelines, wehave a
requirement to encrypt entire tablespace/specific tables using
Transparent
data encryption(TDE).
I was looking at TDE solution in PostGreSQL and went through
following
wiki:
https://wiki.postgresql.org/wiki/Transparent_Data_Encryption
I found following TDE patch from this wiki:
https://www.postgresql.org/message-id/
CAD21AoBjrbxvaMpTApX1cEsO%3D8N%3Dnc2xVZPB0d9e-VjJ%3DYaRnw%40mail.gmail.com
However, I am not sure how to apply this patch and I had the
following questions:1. We are using PostGreSQL 12. Is it possible to apply patches on
top of
existing PostGreSQL installation?
2. Will it be available anytime sooner with a major release like
PostGreSQL
13?
Regards,
Chirag.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EnterpriseDB https://enterprisedb.comThe usefulness of a cup is in its emptiness, Bruce Lee