Re: Enquiry about TDE with PgSQL
Laurenz Albe <laurenz.albe@cybertec.at>
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: Ron Johnson <ronljohnsonjr@gmail.com>, pgsql-general <pgsql-general@postgresql.org>
Date: 2025-10-17T07:01:52Z
Lists: pgsql-general
On Fri, 2025-10-17 at 00:49 -0400, Ron Johnson wrote: > On Thu, Oct 16, 2025 at 6:05 PM Greg Sabino Mullane <htamfids@gmail.com> wrote: > > > > TDE, on the other hand, is a very complex and difficult thing to add into Postgres. > > TDE was added to SQL Server, with (to us, at least) minimally-noticed overhead. > Oracle has it, too, but I don't know the details. > > The bottom line is that requirements for TDE are escalating, whether you like it or > not, as Yet Another Layer Of Defense against hackers exfiltrating data, and then > threatening to leak it to the public. Bruce Momjian has interesting things to say about that in https://compiledconversations.com/6/ (unfortunately I don't remember where exactly in this 84 minute piece). It is a feature that users want (or need to comply with whatever they feel they have to comply with). On the other hand, it has very limited technical or security value, which hampers its acceptance into core. Yours, Laurenz Albe