by arcticfox 1860 days ago
Does anyone know if TDE has any chance of making it into Postgres 14? My team needs to encrypt values in the database to satisfy some enterprise security requirements...

Barring native TDE, does anyone have experience with Cossack Labs' Acra proxy? It seems to encrypt/decrypt data coming in and out at a field level, which sounds slick, but I'm also concerned about maintenance and performance.

3 comments

Encrypting the volume the database is stored on is pretty much equivalent in security offered to TDE and satisfies all of the security requirements that I have encountered.

For field level encryption you should implement it in the application layer.
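
A sketch of the application-layer field encryption suggested in the comment above, as an added example that is not part of the thread. It uses Node's built-in `crypto` with AES-256-GCM; the table and column names, the in-process key and the stored byte layout are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo key. Assumption: in a real deployment the key is fetched
// from a KMS or secret store and never lives next to the data.
const KEY = crypto.randomBytes(32);

// Associated data ties a ciphertext to the table, column and row it was
// written for, so a value copied into another row fails authentication.
function aadFor(table, column, rowId) {
  return Buffer.from(`${table}.${column}:${rowId}`, 'utf8');
}

// Returns a Buffer suitable for a bytea column:
// version(1) | nonce(12) | tag(16) | ciphertext
function encryptField(key, plaintext, table, column, rowId) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  cipher.setAAD(aadFor(table, column, rowId));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([Buffer.from([1]), iv, cipher.getAuthTag(), ct]);
}

// Throws if the blob was modified, moved to another row, or the key is wrong.
function decryptField(key, blob, table, column, rowId) {
  if (blob.length < 29 || blob[0] !== 1) throw new Error('unsupported blob');
  const iv = blob.subarray(1, 13);
  const tag = blob.subarray(13, 29);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  decipher.setAAD(aadFor(table, column, rowId));
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(blob.subarray(29)), decipher.final()]);
  return pt.toString('utf8');
}

// Constructed sample value and hypothetical table/column names.
const stored = encryptField(KEY, '078-05-1120', 'customers', 'ssn', 42);
console.log(decryptField(KEY, stored, 'customers', 'ssn', 42));
```

The database only ever sees the opaque blob, so the column cannot be indexed or searched by plaintext value.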

I’m also curious about this and similar tools. It would be amazing if HashiCorp Vault just did this natively. (Functioned as a Postgres proxy)

StrongDM is a Postgres proxy, and we integrate with HashiCorp Vault. (I work there)

But it seems like StrongDM is more an identity proxy, rather than a proxy that transparently encrypts/decrypts data at the row level?

TDE won't be in 14, but there is ongoing work to try to have it ready for 15.