Thanks all for the discussions. It sounds like there are different questions to clear before we can get to a conclusion on if per-database KEK is possible or not.
First question - do we, as a community, see the value of the proposal and do we believe that value is big enough for us to make any necessary changes to PostgreSQL? Another way to ask is, do we want/need to keep the parity with other database solutions that already have such ability?
If the answer to the first question is no, then I will stop here.
However, if the answer is yes or "it depends", then the second question is on how - It seems that per-cluster KEK can be a good alternative to achieve the same as per-db KEK, however, there are still some shared area between clusters. Is it possible to further split this shared area? Are there more shared memory/storage between clusters?
In the proposed TDE work, yes, each cluster (which is an entire
PostgreSQL system) would be able to have its own KEK.
There's a bit of overhead from each cluster and each would have their
own shared buffers pool of memory and such.
Thanks
Tony