Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1vEYoV-00DKTr-M8 for pgsql-general@arkaria.postgresql.org; Thu, 30 Oct 2025 20:00:02 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1vEYoU-00ACOs-Mu for pgsql-general@arkaria.postgresql.org; Thu, 30 Oct 2025 20:00:01 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1vEYoU-00ACOf-Cs for pgsql-general@lists.postgresql.org; Thu, 30 Oct 2025 20:00:01 +0000 Received: from momjian.us ([72.94.173.45]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vEYoR-004cCn-24 for pgsql-general@postgresql.org; Thu, 30 Oct 2025 20:00:00 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=momjian.us; s=2025010100; h=In-Reply-To:Content-Transfer-Encoding:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-ID:Content-Description; bh=yK8C1rN8EPdYlqWePRMgm1hiCQSkWIM395DpUVOV3mA=; b=l1LikArGIoz1SDht6SHexRAMS4 fvUpciwFXHtkxyiweYJTDqym/7xGFKPMJGPasO8FG8OX2ax+wxhrAj3r/wi5qMd3LTZfHYnoCrZ2T CzD/Ykilc0/WjUN8vSZCM09g27u7N9Wth+rTqfBppaHLmzqB5fq+3mtJ5PL4bxzyvKSrbcv5I4Ppr Q4rqlTD3uaZGa5T/7SNKUEF3hMqVcjST+7W7An6S7GRD3bcfucUUGTZum1HKXLAOVHNE49yP4z8It xuWOtjvGq06Odq3mWlVGRxrSQWw1heQJD+0MGhYOChyjmVpNU/UlltbzPkkouNlshdGqq40bNF7i1 aNSfaleA==; Received: from bruce by momjian.us with local (Exim 4.98.2) (envelope-from ) id 1vEYoQ-0000000680n-193H; Thu, 30 Oct 2025 15:59:58 -0400 Date: Thu, 30 Oct 2025 15:59:58 -0400 From: Bruce Momjian To: Laurenz Albe Cc: Ron Johnson , pgsql-general Subject: Re: Enquiry about TDE with PgSQL Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Fri, Oct 17, 2025 at 09:01:52AM +0200, Laurenz Albe wrote: > On Fri, 2025-10-17 at 00:49 -0400, Ron Johnson wrote: > > On Thu, Oct 16, 2025 at 6:05 PM Greg Sabino Mullane wrote: > > > > > > TDE, on the other hand, is a very complex and difficult thing to add into Postgres. > > > > TDE was added to SQL Server, with (to us, at least) minimally-noticed overhead. > > Oracle has it, too, but I don't know the details. > > > > The bottom line is that requirements for TDE are escalating, whether you like it or > > not, as Yet Another Layer Of Defense against hackers exfiltrating data, and then > > threatening to leak it to the public. > > Bruce Momjian has interesting things to say about that in > https://compiledconversations.com/6/ (unfortunately I don't remember where > exactly in this 84 minute piece). Here is my most recent blog about TDE: https://momjian.us/main/blogs/pgblog/2025.html#February_22_2025 -- Bruce Momjian https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.