Want to explore possibility of schema level keys with tde #451
Unanswered
mathewjustin
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I’ve gone through the pg_tde multi-tenancy documentation and see that it supports encrypting multiple databases within a single PostgreSQL instance, each with its own Data Encryption Key (DEK).
This is a great feature for database-level multi-tenancy.
However, in my setup, we follow a schema-based multi-tenancy model, where:
• We have one database, say app_db
• Each tenant is represented by a separate schema within app_db (e.g., tenant1, tenant2, etc.)
My questions:
1. Does pg_tde support schema-level encryption (i.e., separate keys for different schemas within the same database)?
2. If not, is splitting tenants into separate databases the only way to get encryption isolation using pg_tde?
3. Is schema-level multi-tenancy considered a supported or recommended architecture with pg_tde + Percona PostgreSQL Operator, or is database-per-tenant more aligned with TDE capabilities?
Beta Was this translation helpful? Give feedback.
All reactions