Database encryption?

Hello all! Do you guys encrypt your Postgres databases?
I am wondering what kind of hit the performance takes when that happens and what level of encryption you use.

–regards and have a nice day!

1 Like

Hi Gutorm!

It’s not common to fully encrypt databases with something like Transparent Data Encryption (see: Transparent Data Encryption - PostgreSQL wiki).
However, pgcrypto can be used in a more limited fashion, e.g. for a subset of data that is considered very sensitive.
See: PostgreSQL: Documentation: 16: F.28. pgcrypto — cryptographic functions. We have some limited encryption support internally for “confidential” values in DHIS2, see: Data encryption in DHIS, https://docs.dhis2.org/en/manage/performing-system-administration/dhis-core-version-240/installation.html?h=encry+2.40#install_encry[…]configuration
This encryption feature is very limited and makes it impossible to search the encrypted values. I highly recommend using this feature only for an extremely limited set of data. What I would recommend is to do some encryption at rest to protect against attacks that gain access to the physical hardware (think decommissioned hard drives) and backups.
Something like device encryption (dm-crypt/Device encryption - ArchWiki) and/or encrypted backups (https://www.imagescape.com/blog/encrypted-postgres-backups/).

2 Likes
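To make the pgcrypto trade-off above concrete, here is an added example (not from the thread or from DHIS2's own code) that encrypts one sensitive column with a session-supplied key and shows why the encrypted values cannot be searched through an index. The table, column names, the `app.enc_key` setting and the key value are all assumptions for illustration.

```sql
-- Added example: column-level encryption with pgcrypto (hypothetical schema).
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE patient_contact (
    id        serial PRIMARY KEY,
    name      text  NOT NULL,   -- non-sensitive, stays in clear and indexable
    phone_enc bytea NOT NULL    -- sensitive, stored only as ciphertext
);

-- The key is supplied per session, never stored in the schema or the table.
-- 'placeholder-key' is a constructed value; a real deployment fetches it from
-- a secret store. Beware that log_statement = 'all' would log this SET.
SET app.enc_key = 'placeholder-key';

-- pgp_sym_encrypt uses a random salt, so encrypting the same phone number
-- twice yields different bytea values: equality lookups on phone_enc are useless.
INSERT INTO patient_contact (name, phone_enc) VALUES
    ('Example One', pgp_sym_encrypt('+47 12345678', current_setting('app.enc_key'))),
    ('Example Two', pgp_sym_encrypt('+47 87654321', current_setting('app.enc_key')));

-- Read path: whoever holds a dump of this table but not the key sees only bytea.
SELECT name,
       pgp_sym_decrypt(phone_enc, current_setting('app.enc_key')) AS phone
FROM patient_contact;

-- The limitation from the post above: a filter on the decrypted value forces a
-- sequential scan that decrypts every row, so this must stay a tiny dataset.
SELECT id
FROM patient_contact
WHERE pgp_sym_decrypt(phone_enc, current_setting('app.enc_key')) LIKE '+47 1%';

-- Clearing the setting limits how long the key lingers in the session.
RESET app.enc_key;
```

Combine this with disk-level encryption (LUKS/ZFS) as recommended in the thread; pgcrypto protects a few high-value fields from a database dump, while the encrypted volume protects everything else on recycled or decommissioned media.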

A lot depends on the purpose of encryption.

One technique that is very straightforward to achieve encryption-at-rest is to just put your postgresql $PGDATA directory onto an encrypted volume and let the OS handle encryption. This can be quite important, for example to make sure traces of your plain text data are not left lying around in cloud storage which might get recycled amongst other clients.

Common ways to do this on linux include LUKS or even ZFS native encrypted volumes.

Remember that this ensures that your data is never physically stored on disk in plain text. But obviously if you have access to the running machine with the disk mounted you have access to the data.

Important things to consider:

  1. make sure you have configured swap off, or at least that the swap partition is also encrypted
  2. don’t leave unencrypted copies of database dumps lying around in unencrypted storage.

The CPU cost nowadays of encrypting at the filesystem level is not anywhere near as significant as it used to be.

Regards
Bob

2 Likes