Date: Fri, 31 Oct 2025 20:33:49 -0400
From: Bruce Momjian <bruce@momjian.us>
To: "Clay Jackson (cjackson)" <Clay.Jackson@quest.com>
Cc: Christophe Pettus <xof@thebuild.com>,
	pgsql-general <pgsql-general@postgresql.org>,
	Kai Wagner <kai.wagner@percona.com>,
	Laurenz Albe <laurenz.albe@cybertec.at>,
	Ron Johnson <ronljohnsonjr@gmail.com>
Subject: Re: Enquiry about TDE with PgSQL
Message-ID: <aQVVbZJRdKibRsip@momjian.us>
References: <CACgMzfwSDRF+kQr59h0-xGUobCeFZxwVzE_tUxF18DkVb+vuDQ@mail.gmail.com>
 <CAKAnmmKDCOdUT5JtJZz5papMO0zW1cnG4934d6aQVCQ_KdbUeg@mail.gmail.com>
 <CANzqJaA41CzNjkiQex+A0u9z11i6R3WQZJ+fkXfJO7VJwOMWzg@mail.gmail.com>
 <a1dae4a583d560a90c67872b766ead02ddb13e51.camel@cybertec.at>
 <aQPDvqUzZVKkaxsS@momjian.us>
 <CAG0qCNhL=SEB4vc4v48PxN1F-t8htC463TpX7KDNWQ-s3s8dtA@mail.gmail.com>
 <aQTNmM-3VeTRZdx0@momjian.us>
 <FC8C7F2D-CD38-42C7-80D3-516239B70A2D@thebuild.com>
 <aQVScCjItvCtgVPn@momjian.us>
 <CO1PR19MB4984B665A5F9F38A5E0FB5969BF9A@CO1PR19MB4984.namprd19.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CO1PR19MB4984B665A5F9F38A5E0FB5969BF9A@CO1PR19MB4984.namprd19.prod.outlook.com>
Archived-At: <https://www.postgresql.org/message-id/aQVVbZJRdKibRsip%40momjian.us>
Precedence: bulk

On Sat, Nov  1, 2025 at 12:24:25AM +0000, Clay Jackson (cjackson) wrote:
> I can't disagree - but the question them becomes, as Markus and
> other have pointed out; would that allow a customer/user to check the
> "Encryption" box for PCI or any other "compliance review"

I think so.  It says storage encryption is insufficient, but it doesn't
say client-side column-level encryption is insufficient.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.