How to Rotate Internal Encryption Keys in pg_tde?

Hi all,

If the master key (or “principal key”) is compromised, an attacker could potentially derive the unencrypted internal keys from it.

Currently, rotating the master key does not change the internal keys—it only re-encrypts them with the new master key.

After reviewing the documentation, I couldn’t find a built-in function to rotate the actual internal keys. Is there a way to do this? Would creating a new table be the only solution?

Thanks for your insights!

Hello!

Thanks for trying out pg_tde!

Yes, we currently do not have any specific functions to rotate the internal keys, because any operation that completely rewrites a table datafile (VACUUM FULL, some but not all ALTER TABLE operations, TRUNCATE, …) generates a new internal key, effectively rotating it.

So if you are worried about internal keys leaking, you can fix that by vacuuming the database.
