I know there has been recent discussion about implementing transparent
data encryption (TDE) in Postgres:
https://www.postgresql.org/message-id/CAD21AoAqtytk0iH6diCJW24oyJdS4roN-VhrFD53HcNP0s8pzA%40mail.gmail.com
I would like to now post a new extension I developed to handle
cryptographic key management in Postgres. It could be used with TDE,
with pgcrypto, and with an auto-encrypted data type. It is called
pgcryptokey and can be downloaded from:
https://momjian.us/download/pgcryptokey/
I am attaching its README file to this email.
The extension uses two-layer key storage, and stores the key in a
Postgres table. It allows the encryption key to be unlocked by the
client, or at boot time. (This would need to be modified to be a global
table if it was used for block-level encryption like TDE.)
I am willing to continue to develop this extension if there is interest.
Should I put it on PGXN eventually? It is something we would want in
/contrib?
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +