PG-1206 Reworked intro to pg_tde #353
base: main
Performance test results:
|
documentation/docs/faq.md
Outdated
|
||
## I use disk-level encryption. Why should I care about TDE? | ||
|
||
Encrypting hard drive encrypts all data, system and application files that are there. However, disk encryption doesn’t protect your data after the boot-up of your system. During runtime, the files are decrypted with disk-encryption. |
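Review bot: The closing sentence, "During runtime, the files are decrypted with disk-encryption", states the mechanism but not the consequence, and in the lines shown the answer never reaches the TDE half of the heading's question. Suggest saying directly that after boot-up the files on the disk are available in decrypted form, and then adding a sentence on what TDE still protects in that state.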
"Encrypting a hard drive..." or "Encrypting hard drives..."; also "...encrypts all data, including system and..." (that is easier to read, I think).
18a0ba8 to 443f0b1
|
||
## How does it work? | ||
|
||
To encrypt the data, two types of keys are used: | ||
|
||
* Database keys to encrypt user data. These are stored internally, near the data that they encrypt. | ||
* Table encryption keys (TEK) to encrypt user data. These keys are stored internally, near the data that they encrypt. | ||
* The principal key to encrypt database keys. It is kept separately from the database keys and is managed externally. |
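Review bot: The last bullet says the principal key encrypts "database keys", a term the "Table encryption keys (TEK)" bullet above it no longer uses, so a reader cannot tell whether these are the same keys. Suggest one term throughout, for example "The principal key to encrypt the TEKs". It would also help to say in the TEK bullet that the keys "stored internally, near the data that they encrypt" are themselves encrypted by the principal key, since that is what makes storing them next to the data acceptable.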
* The principal key to encrypt database keys. It is kept separately from the database keys and is managed externally. | |
* The principal key to encrypt table keys. It is kept separately from the table keys and is managed externally. |
|
||
* For DBAs: | ||
|
||
- Allows defining what to encrypt in the table and with what key | ||
- Encryption on storage level is not a must to provide data safety. However, using TDE and storage-level encryption together adds another layer of data security | ||
- Granular encryption of specific tablespaces and reducing the performance overhead that encryption brings |
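Review bot: In the first bullet, "what to encrypt in the table" reads as if the choice is made inside a table, while the last bullet puts the granularity at "specific tablespaces"; the two bullets should name the same unit of encryption. The last bullet also claims reduced performance overhead without saying why; suggest tying it to the granularity, for example "encrypt only the objects that need it, so the encryption overhead is limited to them". In the middle bullet, "is not a must to provide data safety" would read better as "is not required for data safety".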
- Granular encryption of specific tablespaces and reducing the performance overhead that encryption brings | |
- Granular encryption of specific tables and reducing the performance overhead that encryption brings |
PG-1206
Description
Reworked the intro on the index page to make it more appealing.
Added a link to what's TDE.
Added some FAQ