On Tue, Aug 22, 2017 at 2:48 PM, rakeshkumar464 <rakeshkumar464@xxxxxxxxxxx> wrote:
> We have a requirement to encrypt the entire database. What is the best tool
> to accomplish this? Our primary goal is that it should be transparent to the
> application, with no change in the application, as compared to un-encrypted
> database. Reading about pgcrypto module, it seems it is good for few columns
> only and using it to encrypt entire database is not a good use-case.
>
> Is this which can be done best by file level encryption? What are the good
> tools on Linux (RHES), preferably open-source?
>
> Thanks

In addition to the link that Joshua gave you, there is this:
https://www.enterprisedb.com/blog/postgres-and-transparent-data-encryption-tde

Personally, what I'd do (and actually do at work) is to use LUKS. This is a "full disk encryption". When the filesystem is mounted, the system asks for the password. Unfortunately, this method allows all users who have the proper authority (UNIX & SELinux) to read (maybe write) the underlying files. Of course, a properly secured environment would not allow this, but systems can be hacked. And it does not address any off-filesystem backups, which would need to be separately encrypted. LUKS is a good method, IMO, to protect the data if the media is stolen, but not for protecting the individual files from improper access. SELinux is pretty good at that.

--
If you look around the poker table & don't see an obvious sucker, it's you.

Maranatha! <><
John McKown
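
As an added example (not part of the original message), the following check walks `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output and reports whether a path lives on a filesystem stacked on a LUKS container, which makes the gap for off-filesystem backups visible. The sample device tree, the mapping name `pgdata` and the paths are constructed, and it assumes an `lsblk` new enough to support `--json`.

```python
import json
import os

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output:
# the PostgreSQL directory sits on a LUKS mapping, the root filesystem does not.
SAMPLE_LSBLK = json.loads("""
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "xfs", "mountpoint": "/"},
    {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null,
     "children": [
      {"name": "pgdata", "type": "crypt", "fstype": "xfs",
       "mountpoint": "/var/lib/pgsql"}
    ]}
  ]}
]}
""")


def walk(nodes, ancestors=()):
    """Yield (node, ancestors) for every device in the lsblk tree."""
    for node in nodes:
        yield node, ancestors
        yield from walk(node.get("children") or [], ancestors + (node,))


def backing_chain(tree, path):
    """Return the device chain (disk first) of the filesystem holding path.

    Symlinks are not resolved; pass an already-resolved absolute path.
    """
    path = os.path.normpath(path)
    best, best_len = None, -1
    for node, ancestors in walk(tree["blockdevices"]):
        mp = node.get("mountpoint")
        if not mp or not mp.startswith("/"):
            continue  # unmounted device or [SWAP]
        mp = os.path.normpath(mp)
        inside = path == mp or mp == "/" or path.startswith(mp + "/")
        if inside and len(mp) > best_len:  # longest matching mount point wins
            best, best_len = ancestors + (node,), len(mp)
    return best


def is_luks_backed(tree, path):
    """True if any device under the filesystem holding path is a LUKS container."""
    chain = backing_chain(tree, path)
    return bool(chain) and any(d.get("fstype") == "crypto_LUKS" for d in chain)
```

With the sample tree, `/var/lib/pgsql/data` is reported as LUKS-backed while a dump written to `/backup/pg_dump` is not, so that backup would need its own encryption.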