Re: hide data from admins - Jehan-Guillaume de Rorthais

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Jehan-Guillaume de Rorthais <[email protected]>
To: Ron Johnson <[email protected]>
Cc: pgsql-generallists.postgresql.org <[email protected]>
Subject: Re: hide data from admins
Date: Thu, 13 Mar 2025 19:37:14 +0100
Message-ID: <20250313193714.27810bba@karst> (raw)
In-Reply-To: <CANzqJaBUFoVZw+AS9Rc4OQ67NNzzsPdLvD2SSb8J9KpR=kXogQ@mail.gmail.com>
References: <CAC5iy63SkK=C2f4Z+C9110brQPKEGLxpOn8fLnPs4A2vsMmpAA@mail.gmail.com>
	<CANzqJaBUFoVZw+AS9Rc4OQ67NNzzsPdLvD2SSb8J9KpR=kXogQ@mail.gmail.com>

Le Tue, 11 Mar 2025 22:03:50 -0400,
Ron Johnson <[email protected]> a écrit :

> On Tue, Mar 11, 2025 at 9:48 PM Siraj G <[email protected]> wrote:
> 
> > Hello Experts!
> >
> > What are the features available in Postgresql to hide PII (personal
> > identifiable information) from the Admin team? Like in Oracle we have data
> > vault and data redaction, I am looking for similar features in
> > PostgreSQL.We do not want to do code level changes.
> 
> Look at pgsodium.  However, "no code level changes" is code for at-rest
> encryption.

Unless I'm wrong, pgsodium will not protect you from Admin team. The "postgres"
role will always be able to read your keys or meta-data to derive them from the
master key if they are stored inside the database… and root might be able to
scan the memory to find the master key I suppose.

Storing the keys outisde the database means code level change.

Your best bet would be the Transparent Column Encryption patch, but it is
stalled for one year.

In last resort, I suppose selinux/sepgsql machinery can lock everything the way
you want, even without encryption…

good luck.

view thread (2+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: hide data from admins
  In-Reply-To: <20250313193714.27810bba@karst>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox