On Wed, 2021-03-17 at 14:05 +0200, Yambu wrote: > Where should we store the encryption key after encrypting column data? > > We are planning to store it in a table which we will restrict access to, but i wonder if this is the best place. > > We are using pgcryto and pg v10. For good security, you don't store the key in the database, but somewhere else. Otherwise the database superuser can get at your data. For better security, don't use pgcrypto, so that you don't have to send the secret to the database server (even if it is not persisted there). Yours, Laurenz Albe -- Cybertec | https://www.cybertec-postgresql.com
