the value of the HAT is in the data stored in the Postgres.
Question: How should we backup this database, while ensuring that (or at least minimize) the data is not visible/readable to anyone, even to HPP personnel?
The usual way is to pipe a pg_dump into an encryptor
pg_dump <database> | encrypt
However, providers should not have access to HAT data via pg_x commands.
The alternative is
- to backup the entire pg directory (which may itself already be encrypted-at-rest).
- to backup the entire container. (which may be too heavy)
Thoughts and comments?