Hi there,
I have successfully enabled encryption on postgres.
I have in postgres.conf:
pg_tde.enforce_encryption = on
default_table_access_method = ‘tde_heap’
Everything works well. Everything is encrypted by default.
However I have to use an application which creates indexes using
“USE BTREE”. This causes postgres to throw an error
“error: pg_tde.enforce_encryption is ON, only the tde_heap access method is allowed.”, which I guess makes sense.
I have no control over how the application works and so the only
option to get it working is to comment out pg_tde.enforce_encryption = on.
As the tables are created without any special handlers, the set default_table_access_method which uses tde_heap works fine.
However, does this mean that the indexes are not encrypted and can potentially leak data? Anyway around this, or does pg_tde somehow know to index them anyway?
I am not quite sure of the interaction between table data, pg_tde and indexes,
could it be it doesn’t matter if indexes are not encrypted as the data they index is?
I would be very grateful for some clarity on this,
Thanks in advance!