Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1vEszM-002XhF-70
	for pgsql-general@arkaria.postgresql.org; Fri, 31 Oct 2025 17:32:35 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1vEszL-00GoZl-0o
	for pgsql-general@arkaria.postgresql.org; Fri, 31 Oct 2025 17:32:34 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <Clay.Jackson@quest.com>)
	id 1vEszK-00GoZd-IK
	for pgsql-general@lists.postgresql.org; Fri, 31 Oct 2025 17:32:33 +0000
Received: from mail-westusazon11012066.outbound.protection.outlook.com ([52.101.43.66] helo=SJ2PR03CU001.outbound.protection.outlook.com)
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <Clay.Jackson@quest.com>)
	id 1vEszH-005Hfz-0T
	for pgsql-general@postgresql.org;
	Fri, 31 Oct 2025 17:32:33 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=ToO35U+Xf08+Ckbs7FScCJUXc65jxhFpslGFFBzwj5coCtycVCsycpe9FI2tEq48aVibe2DcgsiVcN9AqQud+dvvkJF3ToppaUitvxMKTl113chECqBi9Z+v/wkIV6CXBZUXpeCtNj//Or1deLWWDW1LDTwE6PYNTYUrr1kRft+7j6VJ0VJbPNBkSQIlfu1L5NMDK4OsoJ7yTnUSGGgi0RaR4G9YRXVDzkNN79rXauFlbGhU3YSixYDOjCebw1O1/coDRZmQwFiev/c2zxI1x43qablo/oriWKnQYhdc7aXxJE7GXTfjjk0WzP+NLtNa7qfzbgywwWLXP2DURedMUw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=Mufd/0vyJHonjo2b2I6ywA67OVSGfaNpJa+U5ZaWARo=;
 b=MYhYy7Ct044uWiXgEnrvgf500ytUwdOusMUxC6MQKL88xrWL+jULg06XUcKR3aDwB87YEwaxhkcfECB48Ef/4m8E0Hok3HODANIwXPhd9P6KocinlK8qRtaSzNoTb+4YW3bteD6d2er6hPzqvdVSGgreQPBhcFAAeOo+yeMBZtOX8QPAnu0vgxMwyJ3CygqjtLIEFcKSWrPkBrsBKyp+OuyMTuiWeemURYFy0KW0fgVwnauOnpYvrJSzJFP920QSi+zTZAAnq0xgjxhtOUNlQB25IzEsPuK0PJnWl8q5C7Tl679+45Z24UcgNz5W6oexKCbdcx16YIY5GGjPE4LBOg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=quest.com; dmarc=pass action=none header.from=quest.com;
 dkim=pass header.d=quest.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quest.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Mufd/0vyJHonjo2b2I6ywA67OVSGfaNpJa+U5ZaWARo=;
 b=pthSMiJG6kOqcbog2jvaWY0V0toctghDYbYVswW0cErEi/GgoJiuSNizF0NlUyJeT9vUZDRsgBcQu35OuyVVKdVAH5CKQATGsEy2bkDXGKhQ2OlOl2odEOgzbYi7UHg5V7pg0V7z8OakU261hTKpeMiMsXusLeKVzWGDasCin+6mgBjPB1nsQu6ZsAmnIon38k+lmaLYkAx/8dRnOWHdioveG4MudGNh2NpeKt7J3kQyu/jPmRQRVAaMvWfPEwQ3K7Vvv4nXrqMu4Fy9Is+PlTbvZy75fMEIZ1Jc0cR/o0jweNU//c92YpQGS1Ajb8MgVX0coSORXjRZ9inV8G5aaA==
Received: from CO1PR19MB4984.namprd19.prod.outlook.com (2603:10b6:303:f5::12)
 by IA0PR19MB8132.namprd19.prod.outlook.com (2603:10b6:208:487::19) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9275.15; Fri, 31 Oct
 2025 17:32:24 +0000
Received: from CO1PR19MB4984.namprd19.prod.outlook.com
 ([fe80::b141:c67f:7499:f58a]) by CO1PR19MB4984.namprd19.prod.outlook.com
 ([fe80::b141:c67f:7499:f58a%6]) with mapi id 15.20.9275.013; Fri, 31 Oct 2025
 17:32:23 +0000
From: "Clay Jackson (cjackson)" <Clay.Jackson@quest.com>
To: Bruce Momjian <bruce@momjian.us>, Christophe Pettus <xof@thebuild.com>
CC: Adrian Klaver <adrian.klaver@aklaver.com>, Kai Wagner
	<kai.wagner@percona.com>, Laurenz Albe <laurenz.albe@cybertec.at>, Ron
 Johnson <ronljohnsonjr@gmail.com>, pgsql-general
	<pgsql-general@postgresql.org>
Subject: RE: Enquiry about TDE with PgSQL
Thread-Topic: Enquiry about TDE with PgSQL
Thread-Index:
 AQHcPFne1JzuDE18N0KxA2R/9Mt46rTFWROAgABw9QCAACUYAIAVR7UAgAEuQwCAAA6oAIAAB44AgAAc24CAAAB/gIAABvMA
Date: Fri, 31 Oct 2025 17:32:23 +0000
Message-ID:
 <CO1PR19MB4984F31E10CA30299FED53669BF8A@CO1PR19MB4984.namprd19.prod.outlook.com>
References:
 <CACgMzfwSDRF+kQr59h0-xGUobCeFZxwVzE_tUxF18DkVb+vuDQ@mail.gmail.com>
 <CAKAnmmKDCOdUT5JtJZz5papMO0zW1cnG4934d6aQVCQ_KdbUeg@mail.gmail.com>
 <CANzqJaA41CzNjkiQex+A0u9z11i6R3WQZJ+fkXfJO7VJwOMWzg@mail.gmail.com>
 <a1dae4a583d560a90c67872b766ead02ddb13e51.camel@cybertec.at>
 <aQPDvqUzZVKkaxsS@momjian.us>
 <CAG0qCNhL=SEB4vc4v48PxN1F-t8htC463TpX7KDNWQ-s3s8dtA@mail.gmail.com>
 <aQTNmM-3VeTRZdx0@momjian.us>
 <df60c2f9-21df-4c04-a33c-5ae8ec74d431@aklaver.com>
 <E94D3E44-8BF5-45F8-9497-3918A8488706@thebuild.com>
 <aQTsjVoYDWU2GaLJ@momjian.us>
In-Reply-To: <aQTsjVoYDWU2GaLJ@momjian.us>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=quest.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CO1PR19MB4984:EE_|IA0PR19MB8132:EE_
x-ms-office365-filtering-correlation-id: 6021afe0-d6b8-480d-f490-08de18a373bf
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|38070700021;
x-microsoft-antispam-message-info:
 =?iso-8859-1?Q?k9s1cqec1GA15Qr6OIoXLuUujCKeqdQiR1z6jqUTR16z8UIGupbTLGJclB?=
 =?iso-8859-1?Q?dJ38EQafdjRh1IqxVMS9SjjESuH2+xcRCtBOd1znSs3QM/mx9SyWYrXCUD?=
 =?iso-8859-1?Q?lQUQrJ6pFdK40QblfM3bHv3wQiSGpPIsWVfKkUFbDAzmiTSNdCRdyk+/gb?=
 =?iso-8859-1?Q?6O7aa6XaRw0bq4RGopPJ2OCHFYhuCKQPSya3ETylTiPFWAlTUg42F2n/sW?=
 =?iso-8859-1?Q?MyV0lohbPHycCJiE0JYQwkSX9DhD15jiHgJ/wyrtA3uRk/nO85BouOkeDf?=
 =?iso-8859-1?Q?Y/w0PeyosnXS4QLYX0rYvdXvonBxXpUzEyOaPPj/TXqhjEQQE96Rtpnn/h?=
 =?iso-8859-1?Q?mv05wHPA3o3jYqAIeXTJqUlg4nYSMPmVfyldIKKH3AuhgkiYP34a6/kIrg?=
 =?iso-8859-1?Q?9kugaXO/2EnK2+ewDkxocxZXb6ErxEpOMzz5aE8v4Jwf+dZi+dLOduKgmT?=
 =?iso-8859-1?Q?ry+/WJqdpU0TFwA1AvjzBrvIXVTO3SSqJZO2n7DtAZWAi+EJUmqlHD1ZyT?=
 =?iso-8859-1?Q?WV/FuHo30qGLF6FWk/mKEGewfZClQTC/7tl47yIk5KZuczm7ejQl/dFM5y?=
 =?iso-8859-1?Q?hvgZTf37rROwPhHF95qn+gpDgklYimrX0ujhIjHKwE/9z1MY4U2cQh5xCR?=
 =?iso-8859-1?Q?fzS9ZhFPm5CQhCDEq+Vgb4eru/YOUlTmHwxtIDn2u+RvsZSi2WpQzq3oXr?=
 =?iso-8859-1?Q?puRQ2t5p1k1VHS0wQLwMDrl3EOgfiVUpjRchANr9QKGxL6PZvJEXNaIy1U?=
 =?iso-8859-1?Q?L0r3aEaepVlWaHHlFbOCyXPwl2aJ5bLIY8Q06JJtwJJgL9yYJOWdVAy+oZ?=
 =?iso-8859-1?Q?4PbBVunClI5C9LAa7L0L1qtspCR55mw8mcCnRNfSNDDJAWX4Rhw0kiGT1R?=
 =?iso-8859-1?Q?BB3DJRblNfKszj2/LE5U6+dP+iMyfG2fd5s1B54Ww9W5sVwHAo7YgTC3CZ?=
 =?iso-8859-1?Q?Rbp2PCjvFFEUZcAtmYXISpT7xsbUKvpBLuqKDchIo+KBytQz6InIny4+Z0?=
 =?iso-8859-1?Q?rE4447oXyiw0SOCWmr+hDzOwCSvRVkEE6sFFwP4qJksCWgiPW+4u5xCq7H?=
 =?iso-8859-1?Q?Cvq/d5x6tu+OOoBxVUY4rnDXyIQDIZ7IGaBYgtzmGZ6BAqGJMJzTZpXfdz?=
 =?iso-8859-1?Q?35fEPo7oZ7b0rfLYCJV41WUD9F4i7PNqnznkROeMYmWP0xDRu39aPjBxYp?=
 =?iso-8859-1?Q?mWB1vMvILiBMsQvGPi3M+OSUzz/Pr5KZmY/NnYU2K47sCGIz6mNiPu5biO?=
 =?iso-8859-1?Q?O3MTufMNcKZyyDvcZQ4gPzChZnoHLIPmx5e9JQ7XIi4ZjIdBUJ4RcKo7r2?=
 =?iso-8859-1?Q?yvXYyIiRf/0zzqHrSGcYQj1EUxf4dr8t0LmWPguwnMJvAktn8DlZ1K5d3Z?=
 =?iso-8859-1?Q?W8/eFSLENjHFFCHgk6B3cRMjTIy30TRRjkkj5EBSI0MZoIjdnK+27brXc+?=
 =?iso-8859-1?Q?TyOECbvbalsNkzChUAP+3Z+2uW2YMn5Y0jueBG0NTlbWU0G4enBqflwoLx?=
 =?iso-8859-1?Q?XxcWj3gt6H+cnIznwtgbC4?=
x-forefront-antispam-report:
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR19MB4984.namprd19.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(38070700021);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0:
 =?iso-8859-1?Q?MFQIMCnnrEEreMXNGHztXgAZ/EwCJ3pI6R1f1sEob8v2i8JNvkMqqlPCVX?=
 =?iso-8859-1?Q?O9bCLlrbHWAU7qscfuPwmhrVWVTZqXSPdrY9B1dKH9RyIigKThikLNK6ar?=
 =?iso-8859-1?Q?IkM7Up6uvQ2zspxADBoZbms0nlNqwECaxSukJsuO8ATW6DpgXqPisOxX2b?=
 =?iso-8859-1?Q?5XCNUTC0aPaM0YgIok1MDrD8mMskyhYpUyoTOGX54WwHjs2C42j1sFAzql?=
 =?iso-8859-1?Q?0BK7cHC/ngfBP8vULlv0e6UiIgIyGu/sQMyKIw66MdZEDehMXgOMWIN4fy?=
 =?iso-8859-1?Q?oArPrAiYW9LM50FMLmBsOYx2N6G2DR9Su8U1p+rk37DsTpYXiIadtQDYQ3?=
 =?iso-8859-1?Q?NHKtZVTqgHZwDAQAgbqG7jOo3ZaKHa4ZYc4GeM19wjPCVpIBOBnKg3dK4D?=
 =?iso-8859-1?Q?4cGJdhBC6pPLHEq+mhlJQ5SD4ig2LZPe7ExXS4wLxhlBgBZgDH9uMsdILb?=
 =?iso-8859-1?Q?UnURdhZIoEeflSX6kx+hO084RqYTzzUmVZwvdVZr5MQk5G9wp4R8pCxSBg?=
 =?iso-8859-1?Q?nI7u0ZWhTnud3tw1bsnv6739IwyTUscPbedquSsbpspthlBSSuyC7M7Ht0?=
 =?iso-8859-1?Q?B9z/MwPNiPEJ76x9o5ndth1krrWdB+oE/VZxsAPHghie+R/Q/wbmL3CXmw?=
 =?iso-8859-1?Q?D8xVV742iZy8O5n4J4mAVrak7mHNIEMeaDe5tAELwf3/88X7oE9SvL6kG4?=
 =?iso-8859-1?Q?nPIeHPqM8uW5md7LFo8oV5PcAAlTdm4LtFMQllB3Sl+JYdTSKYqNVe8Q4o?=
 =?iso-8859-1?Q?HIAS3FXRZuiawEF38febH9WrShz4XsoGpfxY4THMzxFaLuMxGMLyIUOfnp?=
 =?iso-8859-1?Q?KTgrHHw1RPVbW6/KKjjMdwf6DwdhZWWu4y5k1mSlV8gj3lNeLJIEmZsasy?=
 =?iso-8859-1?Q?tmKV+0ZdrOvA7yOCvK+FnlLLJWCMpi3WquJYBZfWGU185PG6B+TB1SNMy9?=
 =?iso-8859-1?Q?77Wz1spJHN6mcuhJXOkNAX+S6TO2KQHTdLKaSRSBT9eN/JtA2hYYRku2gA?=
 =?iso-8859-1?Q?hI9DLLyXe9O9ISl1d+pZPZV0P3PbvhJPwDs7WEPma12miBkfH8S0zcP14f?=
 =?iso-8859-1?Q?t4ts5ZE1cV99jODUAVZw93eEP0fdZj1P0YfnlUCUiMwKKQv0IWzE2bif0L?=
 =?iso-8859-1?Q?zag4gMc95Y3ld+gxnIE3XG/auiLISnK9XwbHOEStsW20xAA+flFU0Kq9LJ?=
 =?iso-8859-1?Q?92cN25ya5M3WOUseeOQli/jKZqPE5XeDH2qYEsIlboZBQi/xpzsnm2VDTL?=
 =?iso-8859-1?Q?axobzWrti7CsJGta3KXMxcsH4gKyw9l+kDXrQTJguslhCpm4W/yfQjHrl/?=
 =?iso-8859-1?Q?0ZEPdLMFWCyxgW51BhLMEsS+UEuFjKY+jrqtvDLwDsB9fjvlYGHv6i/zfH?=
 =?iso-8859-1?Q?nTcXPRCrnd7WvgHig+HgJcN3xW7OpxO8+EMVA5MSIlF0gda8SqnednSLIo?=
 =?iso-8859-1?Q?BNJX1PQiFOgIwpvWcvlAUqNXZDCuuYCUqmPSksRVlB+9tMSXhINCyoHZC+?=
 =?iso-8859-1?Q?fw7EqHk5ty8YGc6JtTzGja7MYInt2pa9xMC6rMOeRbSITcZX01GDN1OEvU?=
 =?iso-8859-1?Q?NmUcH0oOmsYxpdSRSHE8b2uOWY7CT+q6A4a9HMmYXOWxj4Puw3/msdTwdf?=
 =?iso-8859-1?Q?6sNlI1yeuKoO60pDAJqnjpxVS3wDpPkuJA?=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: quest.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO1PR19MB4984.namprd19.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6021afe0-d6b8-480d-f490-08de18a373bf
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2025 17:32:23.3827
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 91c369b5-1c9e-439c-989c-1867ec606603
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Q8SPV/i43t37sezzFJbDjBcH0XEWptOXT4krX/kLBRmwFMB15g5+jDd9JYCQp9N2FW+5nzCxgR9iM6juqEfsaQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR19MB8132
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CO1PR19MB4984F31E10CA30299FED53669BF8A%40CO1PR19MB4984.namprd19.prod.outlook.com>
Precedence: bulk

Pardo me for jumping in here - but would filesystem level encryption possib=
ly meet your requirements?

Clay Jackson
Database Solutions Sales Engineer
clay.jackson@quest.com
office  949-754-1203  mobile 425-802-9603

-----Original Message-----
From: Bruce Momjian <bruce@momjian.us>
Sent: Friday, October 31, 2025 10:06 AM
To: Christophe Pettus <xof@thebuild.com>
Cc: Adrian Klaver <adrian.klaver@aklaver.com>; Kai Wagner <kai.wagner@perco=
na.com>; Laurenz Albe <laurenz.albe@cybertec.at>; Ron Johnson <ronljohnsonj=
r@gmail.com>; pgsql-general <pgsql-general@postgresql.org>
Subject: Re: Enquiry about TDE with PgSQL

CAUTION: This email originated from outside of the organization. Do not fol=
low guidance, click links, or open attachments unless you recognize the sen=
der and know the content is safe.


On Fri, Oct 31, 2025 at 10:04:35AM -0700, Christophe Pettus wrote:
>
>
> > On Oct 31, 2025, at 08:21, Adrian Klaver <adrian.klaver@aklaver.com>
> > wrote:  Yeah, what I would like to know is how many of the data
> > breaches actually grab directly from the storage versus getting it
> > through the database or other software above the storage?
>
> Essentially zero.
>
> PCI, like a lot of data security standards, are a magpie's assemblage
> of things that the authors have heard about all of which sound
> "secure" to them.  However, since these particular magpies have
> machine guns (metaphorically) and can do serious damage to businesses,
> we must play along with the masquerade.

Yes, we have been avoiding the masquerade for years.  The question is can w=
e continue.  From the lack of discussion since April 1, 2025, it seems the =
answer is yes.


--
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us/
  EDB                                      https://enterprisedb.com/

  Do not let urgent matters crowd out time for investment in the future.