I’m just continually amazed by the DuckDB team. We had built out a naive solution with OpenSSL to encrypt duckdb files, but that lead to a 2x runtime cost for first time queries and used up a lot of ram because we were encrypting/decrypting the entire file all at once. It seems like because DuckDB is encrypting at the page level and leveraging modern processors native AES operations, they are able to perform read/writes at practically no cost.
PunchyHamster•28m ago
Why not just LUKS ? Kernel level, leverages acceleration, transparent to anything you run on top of it.
DB encryption is useful if you have multiple things that need separate ACL and encryption keys but if it is one app one DB there is no need for it
glenjamin•19m ago
Other than motherduck, is anyone aware of any good models for running multi-user cloud-based duckdb?
ie. Running it like a normal database, and getting to take advantage of all of its goodies
kianN•35m ago
PunchyHamster•28m ago
DB encryption is useful if you have multiple things that need separate ACL and encryption keys but if it is one app one DB there is no need for it