Date: Mon, 3 Nov 2025 21:05:54 -0500
From: Bruce Momjian
To: Laurenz Albe
Cc: Kai Wagner, Chris Travers, Christophe Pettus, "Clay Jackson (cjackson)", pgsql-general, Ron Johnson
Subject: Re: Enquiry about TDE with PgSQL
References: <3DC589BC-A5F6-49BC-BFFC-F1FCB0FF7E95@thebuild.com>

On Mon, Nov 3, 2025 at 07:42:06PM +0100, Laurenz Albe wrote:
> On Mon, 2025-11-03 at 11:56 -0500, Bruce Momjian wrote:
> > The problem with the Percona extension is it seems like it was developed
> > mostly/all by Percona employees, meaning development was driven/steered
> > by Percona, and there was insufficient feedback from the community for
> > it to be polished enough to be a general community solution.
>
> Reading a Percona blog, it looks like you need a modified server to get
> to encrypt WAL, and they probably have no support for encrypting
> temporary files. So I'd say that TDE can probably not be a pure extension.
> Perhaps somebody from Percona can confirm.

Yes, the server has to be modified because the hooks they need don't
exist in the community source code. They also have encryption control on
the table level, which I frankly think will never work long-term because
the storage API doesn't have enough table-level detail, so I think they
are considering tablespace-level or cluster-level encryption.

> But I don't think it's a shortage of implementations for TDE that is the
> problem.
>
> Since you say that encrypting the temp files is the biggest hurdle for
> community acceptance, what about a first version that does not encrypt
> temp files? For one, that will be good for encrypted backups (which is
> one of the good use cases for TDE), and then you could argue that temp
> files are not data *at rest*, so data-at-rest-encryption does not apply
> to them. Rome wasn't built in a day, and neither were parallel query
> or declarative partitioning.
Uh, people will say that if the solution is not 100% secure in its
coverage, it is much less useful and therefore not worth it.

-- 
Bruce Momjian  https://momjian.us
EDB  https://enterprisedb.com

Do not let urgent matters crowd out time for investment in the future.