On Tue, Jul 9, 2019 at 9:01 PM Joe Conway <m...@joeconway.com> wrote: > > On 7/9/19 6:07 AM, Peter Eisentraut wrote: > > On 2019-07-08 18:09, Joe Conway wrote: > >> In my mind, and in practice to a > >> large extent, a postgres tablespace == a unique mount point. > > > > But a critical difference is that in file systems, a separate mount > > point has its own journal. > > While it would be ideal to have separate WAL, and even separate shared > buffer pools, per tablespace, I think that is too much complexity for > the first implementation and we could have a single separate key for all > WAL for now.
If we encrypt different tables with different keys I think we need to encrypt WAL with the same keys as we used for tables, as per discussion so far. And we would need to encrypt each WAL records, not whole WAL 8k pages. Regards, -- Masahiko Sawada NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center