public inbox for [email protected]
help / color / mirror / Atom feedFrom: =?UTF-8?Q?Anders_=C3=85strand?= <[email protected]>
To: Daniel Gustafsson <[email protected]>
To: Bear Giles <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: Follow-up on OpenSSL "engines" and "providers"
Date: Mon, 16 Feb 2026 12:12:08 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <CALBNtw6tVo+WekdeaZdcXFqUPGSse_NkFT-eMyKMGs4ezu+tqQ@mail.gmail.com>
<[email protected]>
> FWIW there has been discussion among those of us who regularly dip our toes in
> the OpenSSL support code to add some form of integration with vaults (like
> vault from Hashicorp, ipa/idm from Redhat, Keychain from Apple etc) for storing
> secrets. AFAIK there are no concrete patches to look at (yet?), but there is
> interest and it will most likely be discussed at PGConf.dev in case you are
> thinking of attending.
I've been toying with the idea of building a key manager extension that could be used by others to get hold of secrets or use encryption keys without necessarily having to know where those secrets would be stored. It could use loadable shared libraries for the different providers similar to how we do it for OAuth.
I don't believe this code would have to start out in core at all, but maybe we will want to integrate it later for reasons.
--
Anders Åstrand
Percona
view thread (4+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Follow-up on OpenSSL "engines" and "providers"
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox