Storing encrypted data in Postgres [closed]

I have a requirement to store certain data in an encrypted form in Postgres. Obviously, I need to encrypt it, store it, and be able to read and decrypt it. What is the best way to do this?

Joe asked Nov 08 '11 17:11


1 Answer

The best way is to do the crypto on the client or application server, so the database has no idea what the keys are and cannot decrypt the data. If the client / appserver are on a different host, all the better.

If your database is encrypting and decrypting the data for you, then it's vulnerable to having the keys stolen along with the database.

If you use pgcrypto's in-database crypto functions you can have the application send the key along with the data, which is at least somewhat helpful. It still risks having the keys exposed in the logs if a helpful sysadmin turns on aggressive statement logging or automatic plan dumping, though, and in the end if the keys are going to the database machine they're more vulnerable than if they're not. An attacker who takes control of the database machine can also change log settings, replace the postgresql binaries, or sniff traffic to capture keys and data this way.

If the appserver and db are on the same machine and managed by the same role(s) there's less point worrying about isolating them, and it may be sensible to just use pgcrypto.

Either way, remember to salt!

Craig Ringer answered Oct 07 '22 03:10
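
A sketch of the answer's first recommendation, encrypting in the application so that Postgres only ever stores an opaque blob. This is an added example, not code from the original answer. The choice of AES-256-GCM (via Node's built-in `crypto` module), the blob layout, and the `patients.ssn:42` context string are assumptions made for illustration.

```javascript
// Added example: field encryption done in the application, not in Postgres.
const { randomBytes, createCipheriv, createDecipheriv } = require("crypto");

const VERSION = 1;   // format byte so keys or algorithms can be rotated later
const IV_LEN = 12;   // 96-bit nonce, fresh for every value
const TAG_LEN = 16;  // GCM authentication tag

// context (hypothetical "table.column:id") is authenticated but not stored
function encryptField(key, plaintext, context) {
  const iv = randomBytes(IV_LEN);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(context, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // This single blob is what would go into a bytea column
  return Buffer.concat([Buffer.from([VERSION]), iv, cipher.getAuthTag(), ct]);
}

function decryptField(key, blob, context) {
  if (blob.length < 1 + IV_LEN + TAG_LEN || blob[0] !== VERSION) {
    throw new Error("unsupported or truncated ciphertext");
  }
  const iv = blob.subarray(1, 1 + IV_LEN);
  const tag = blob.subarray(1 + IV_LEN, 1 + IV_LEN + TAG_LEN);
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(Buffer.from(context, "utf8"));
  decipher.setAuthTag(tag);
  const ct = blob.subarray(1 + IV_LEN + TAG_LEN);
  // final() throws if the key, context, or any byte of the blob is wrong
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

function rejects(key, blob, context) {
  try { decryptField(key, blob, context); return false; } catch { return true; }
}

function demo() {
  const key = randomBytes(32); // constructed; a real key lives in the app's secret store
  const ctx = "patients.ssn:42"; // constructed row context
  const a = encryptField(key, "123-45-6789", ctx);
  const b = encryptField(key, "123-45-6789", ctx);
  const flipped = Buffer.from(a);
  flipped[flipped.length - 1] ^= 1; // simulate modification inside the database
  return {
    roundTrip: decryptField(key, a, ctx),
    sameInputDiffers: !a.equals(b),
    tamperRejected: rejects(key, flipped, ctx),
    movedRowRejected: rejects(key, a, "patients.ssn:43"),
    wrongKeyRejected: rejects(randomBytes(32), a, ctx),
  };
}
```

Because the key is only ever used in application memory, it cannot appear in Postgres statement logs or plan dumps, which is the exposure the answer describes for in-database encryption.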