From: Kai Wagner
Date: Fri, 31 Oct 2025 15:01:48 +0100
Subject: Re: Enquiry about TDE with PgSQL
To: Bruce Momjian
Cc: Laurenz Albe, Ron Johnson, pgsql-general
As I personally believe, there is no real way around TDE in the future, either by extensibility of the core (start with the storage manager and move your way on from there), to make an extension possible, or by directly adding it to the core; there are more reasons coming or already on their way.

With the PCI DSS v4.1 standard, one key rule to comply with is that "If PAN is stored, it must be rendered unreadable". Of course there are other ways, like tokenization, hashing etc., but this regulation is pushing towards at-rest encryption in the long run, and not only disk encryption. We can dislike it, but we are already seeing the need coming from large industries and companies that cannot work around this anymore, as the auditors doing the checkboxes do not really care about "good alternatives", as they do not even technically understand what this is about. They simply compare Postgres against other databases already in use at these orgs (MySQL or MongoDB), and as such, we are currently the only one that cannot be used in such a use case, at least not without the willingness of the auditor to make it happen.

On Thu, Oct 30, 2025 at 9:00 PM Bruce Momjian <bruce@momjian.us> wrote:
> On Fri, Oct 17, 2025 at 09:01:52AM +0200, Laurenz Albe wrote:
> > On Fri, 2025-10-17 at 00:49 -0400, Ron Johnson wrote:
> > > On Thu, Oct 16, 2025 at 6:05 PM Greg Sabino Mullane <htamfids@gmail.com> wrote:
> > > >
> > > > TDE, on the other hand, is a very complex and difficult thing to add into Postgres.
> > >
> > > TDE was added to SQL Server, with (to us, at least) minimally-noticed overhead.
> > > Oracle has it, too, but I don't know the details.
> > >
> > > The bottom line is that requirements for TDE are escalating, whether you like it or
> > > not, as Yet Another Layer Of Defense against hackers exfiltrating data, and then
> > > threatening to leak it to the public.
> >
> > Bruce Momjian has interesting things to say about that in
> > https://compiledconversations.com/6/ (unfortunately I don't remember where
> > exactly in this 84 minute piece).
>
> Here is my most recent blog about TDE:
>
>         https://momjian.us/main/blogs/pgblog/2025.html#February_22_2025
>
> --
>   Bruce Momjian  <bruce@momjian.us>        https://momjian.us
>   EDB                                      https://enterprisedb.com
>
>   Do not let urgent matters crowd out time for investment in the future.