public inbox for [email protected]
help / color / mirror / Atom feedFrom: Christophe Pettus <[email protected]>
To: Clay Jackson (cjackson) <[email protected]>
Cc: Bruce Momjian <[email protected]>
Cc: Adrian Klaver <[email protected]>
Cc: Kai Wagner <[email protected]>
Cc: Laurenz Albe <[email protected]>
Cc: Ron Johnson <[email protected]>
Cc: pgsql-general <[email protected]>
Subject: Re: Enquiry about TDE with PgSQL
Date: Fri, 31 Oct 2025 10:40:56 -0700
Message-ID: <[email protected]> (raw)
In-Reply-To: <CO1PR19MB4984F31E10CA30299FED53669BF8A@CO1PR19MB4984.namprd19.prod.outlook.com>
References: <CACgMzfwSDRF+kQr59h0-xGUobCeFZxwVzE_tUxF18DkVb+vuDQ@mail.gmail.com>
<CAKAnmmKDCOdUT5JtJZz5papMO0zW1cnG4934d6aQVCQ_KdbUeg@mail.gmail.com>
<CANzqJaA41CzNjkiQex+A0u9z11i6R3WQZJ+fkXfJO7VJwOMWzg@mail.gmail.com>
<[email protected]>
<[email protected]>
<CAG0qCNhL=SEB4vc4v48PxN1F-t8htC463TpX7KDNWQ-s3s8dtA@mail.gmail.com>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<CO1PR19MB4984F31E10CA30299FED53669BF8A@CO1PR19MB4984.namprd19.prod.outlook.com>
> On Oct 31, 2025, at 10:32, Clay Jackson (cjackson) <[email protected]> wrote:
>
> Pardo me for jumping in here - but would filesystem level encryption possibly meet your requirements?
If we're talking about PCI DSS, the answer is: Yes, but. Filesystem-level encryption is acceptable IF the encryption keys (or other passwords used to unlock them) are separate from the user access controls to the host that has the encrypted volume attached. You have to go through a second step of decrypting the volume (or making it available for decrypted reads) separate from just mounting it.
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Enquiry about TDE with PgSQL
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox