public inbox for [email protected]
help / color / mirror / Atom feedFrom: Greg Sabino Mullane <[email protected]>
To: Ashish Mukherjee <[email protected]>
Cc: [email protected]
Subject: Re: Enquiry about TDE with PgSQL
Date: Thu, 16 Oct 2025 18:04:49 -0400
Message-ID: <CAKAnmmKDCOdUT5JtJZz5papMO0zW1cnG4934d6aQVCQ_KdbUeg@mail.gmail.com> (raw)
In-Reply-To: <CACgMzfwSDRF+kQr59h0-xGUobCeFZxwVzE_tUxF18DkVb+vuDQ@mail.gmail.com>
References: <CACgMzfwSDRF+kQr59h0-xGUobCeFZxwVzE_tUxF18DkVb+vuDQ@mail.gmail.com>
>
> I would like to enquire that based on the anecdotal experience of group
> members, which TDE solution works best for PgSQL 17 databases.
Generally speaking, there is no "best". People use whatever vendor they
happen to already use. Your best solution is to avoid TDE altogether. If
you really need encryption at rest, have the OS do it. That works well
(transparently, even), is very battle-tested, and has minimal performance
impact. TDE, on the other hand, is a very complex and difficult thing to
add into Postgres. Currently it means you are using a forked version of
Postgres and are incurring overhead every time you read or write to disk.
The scenario I have is of a large number of tables (15-20K) and some
> tables with 100M tuples each. The total database size is 4TB.
The size and number of tables does not really matter. How often you write
WAL, and how often things move in and out of shared buffers is what matters.
Cheers,
Greg
view thread (36+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: Enquiry about TDE with PgSQL
In-Reply-To: <CAKAnmmKDCOdUT5JtJZz5papMO0zW1cnG4934d6aQVCQ_KdbUeg@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox