Data Encryption at Rest for Postgres


rakesh goyal

Apr 27, 2017, 9:43:09 AM
to Vault
Hi,

Can we use Vault for data encryption at rest for databases like Postgres? I mean, we want the data to be encrypted on the disk and Vault to act as a proxy to provide encryption and decryption capabilities the way it is provided by Amazon RDS (Relational Database Service) using AWS KMS. I went through Vault Transit documentation but it's not very clear to me at this stage.

Thanks,
Rakesh

Jeff Mitchell

Apr 27, 2017, 9:46:02 AM
to Vault
Hi Rakesh,

You can certainly do it with Transit, but you'd have to encrypt/decrypt outside the confines of the database -- for instance, using a proxy layer that you send queries to and that first round-trips data to/from Vault. I think there has been some interest in the Postgres community for a plugin that will do this automatically for you but I don't think such a Postgres plugin exists right now.

If you're interested in using Vault for database encryption, do take a look at convergent encryption as it allows you to search within the encrypted data.

Best,
Jeff
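
An added example (not part of the thread, and not HashiCorp's code) of the application-layer approach described in the reply above: column values are round-tripped through Vault's Transit HTTP API using a convergent (derived) key, so the stored ciphertext can still be matched by equality. The table `users`, column `email_enc`, the key name and context you pass in, the default `transit/` mount path, and a psycopg2-style cursor are all assumptions.

```python
import base64, json, urllib.request

def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

def http_post(url, token, body):
    """Default transport: POST JSON to Vault, return the decoded JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"X-Vault-Token": token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read() or b"{}")

class TransitColumn:
    """Encrypts one column's values through Vault Transit before they reach Postgres."""
    def __init__(self, addr, token, key, context: bytes, post=http_post):
        self.base, self.token, self.key, self.post = f"{addr}/v1/transit", token, key, post
        # Convergent keys are derived keys, so every request must carry a context.
        self.context = b64(context)

    def create_key(self):
        # One-time setup; convergent_encryption is only valid together with derived.
        self.post(f"{self.base}/keys/{self.key}", self.token,
                  {"derived": True, "convergent_encryption": True})

    def encrypt(self, value: str) -> str:
        reply = self.post(f"{self.base}/encrypt/{self.key}", self.token,
                          {"plaintext": b64(value.encode()), "context": self.context})
        return reply["data"]["ciphertext"]  # "vault:v1:..." string, stored as text

    def decrypt(self, ciphertext: str) -> str:
        reply = self.post(f"{self.base}/decrypt/{self.key}", self.token,
                          {"ciphertext": ciphertext, "context": self.context})
        return base64.b64decode(reply["data"]["plaintext"]).decode()

def store_email(cur, col, user_id, email):
    # Only ciphertext is written, so the value on disk is never plaintext.
    cur.execute("INSERT INTO users (id, email_enc) VALUES (%s, %s)",
                (user_id, col.encrypt(email)))

def find_by_email(cur, col, email):
    # Same plaintext + same context -> same ciphertext, so equality search
    # works on the encrypted column without decrypting any row.
    cur.execute("SELECT id FROM users WHERE email_enc = %s", (col.encrypt(email),))
    return [row[0] for row in cur.fetchall()]
```

Only equality lookups work this way, not range or substring queries. Because identical plaintexts yield identical ciphertexts, anyone who can read the table can tell which rows share a value, so convergent mode fits identifiers better than low-entropy fields.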


rakesh goyal

Apr 28, 2017, 8:49:25 AM
to vault...@googlegroups.com
Thanks Jeff. I will try Vault Transit and update the community if it works out for us.
