Neon 2y ago
helpful-purple

Extension Request: pgsodium

I'm working on a financial services application that involves storing customer nonpublic personal financial information. Currently, I'm using schema isolation to control access to sensitive tables. Read access to these tables outside the application is granted by creating an ad-hoc user with access to the required table. While this approach helps with access, it doesn't solve issues around logging and still is all-or-nothing at the column level. Ideally, I'd be able to have engineers see the primary key, created at, modified at, and other system-generated columns while restricting visibility into the sensitive columns.

While looking for a solution, I came across this Supabase article: https://supabase.com/blog/transparent-column-encryption-with-postgres

It seems pgsodium could be a match for my use case. Added security functionality like this would play well with the recent IP allow functionality. I'll add that the stickiest part in leaving Aurora for me was actually IAM: I liked being able to generate short-term credentials to access specific tables in a way that produced an audit trail. I mention this because being able to encrypt columns would help bring some parity, even if it's not 1:1.
Supabase
Transparent Column Encryption with Postgres
Using pgsodium's Transparent Column Encryption to encrypt data and provide your users with row-level encryption.
1 Reply
vicious-gold 2y ago
Hey, I can get this logged internally. Can you DM me your email? (To associate with the request) I also appreciate the context you've added here 🙂
