From: Laurenz Albe <[email protected]>
To: Bruce Momjian <[email protected]>
To: Kai Wagner <[email protected]>
Cc: Chris Travers <[email protected]>
Cc: Christophe Pettus <[email protected]>
Cc: Clay Jackson (cjackson) <[email protected]>
Cc: pgsql-general <[email protected]>
Cc: Ron Johnson <[email protected]>
Subject: Re: Enquiry about TDE with PgSQL
Date: Mon, 03 Nov 2025 19:42:06 +0100
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>
References: <CAG0qCNhL=SEB4vc4v48PxN1F-t8htC463TpX7KDNWQ-s3s8dtA@mail.gmail.com>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<CO1PR19MB4984B665A5F9F38A5E0FB5969BF9A@CO1PR19MB4984.namprd19.prod.outlook.com>
	<[email protected]>
	<CAKt_ZfuwPgG_nJHp6S=8k_+NdA6Op7hE0z7+s4-HuBqr1cnwsg@mail.gmail.com>
	<CAG0qCNjd2m9Ej1ZEwuCCkgsqJz0vnso3ZFwjKCxzwUfnfu=SNw@mail.gmail.com>
	<[email protected]>
	<CAG0qCNgV+Ra72vTvCoTZqn7KUUsXvp3N=ZUgACgMTDDPt8WTkA@mail.gmail.com>
	<[email protected]>

On Mon, 2025-11-03 at 11:56 -0500, Bruce Momjian wrote:
> The problem with the Percona extension is it seems like it was developed
> mostly/all by Percona employees, meaning development was driven/steered
> by Percona, and there was insufficient feedback from the community for
> it to be polished enough to be a general community solution.

Reading a Percona blog, it looks like you need a modified server to get
it to encrypt WAL, and they probably have no support for encrypting
temporary files.  So I'd say that TDE can probably not be a pure extension.
Perhaps somebody from Percona can confirm.

But I don't think it's a shortage of implementations for TDE that is the
problem.

Since you say that encrypting the temp files is the biggest hurdle for
community acceptance, what about a first version that does not encrypt
temp files?  For one, that will be good for encrypted backups (which is
one of the good use cases for TDE), and then you could argue that temp
files are not data *at rest*, so data-at-rest-encryption does not apply
to them.  Rome wasn't built in a day, and neither were parallel query
or declarative partitioning.

Yours,
Laurenz Albe