Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1l59HP-0006mQ-1L for pgsql-novice@arkaria.postgresql.org; Thu, 28 Jan 2021 15:32:19 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1l59HN-00030M-Kj for pgsql-novice@arkaria.postgresql.org; Thu, 28 Jan 2021 15:32:17 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1l59HN-00030F-Ep for pgsql-novice@lists.postgresql.org; Thu, 28 Jan 2021 15:32:17 +0000 Received: from momjian.us ([72.94.173.45]) by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1l59HK-0003HJ-W1 for pgsql-novice@lists.postgresql.org; Thu, 28 Jan 2021 15:32:17 +0000 Received: from bruce by momjian.us with local (Exim 4.92) (envelope-from ) id 1l59HJ-0003Zw-40; Thu, 28 Jan 2021 10:32:13 -0500 Date: Thu, 28 Jan 2021 10:32:13 -0500 From: Bruce Momjian To: Tom Lane Cc: Martin Goodson , "pgsql-novice@lists.postgresql.org" Subject: Re: Transparent Data Encryption in PostgreSQL? Message-ID: <20210128153213.GC24155@momjian.us> References: <2545980.1611847051@sss.pgh.pa.us> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2545980.1611847051@sss.pgh.pa.us> User-Agent: Mutt/1.10.1 (2018-07-13) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk On Thu, Jan 28, 2021 at 10:17:31AM -0500, Tom Lane wrote: > Martin Goodson writes: > > ... but a colleague at work is adamant that PostgreSQL has had TDE since > > 2019. > > There is at least one fork with TDE, which maybe is what your colleague is > thinking of, but it doesn't exist in the community code today. Various > people are interested in merging the feature. At this point I'd lay > odds against it being ready for v14, but perhaps it will happen for v15. Yeah, we could get the key management into PG 14, but it wouldn't do anything, so it would have to be hidden so it didn't confuse people, so what's the point of adding it now? Also, I don't know anyone who is currently working on the data encryption stage, which is the next step. -- Bruce Momjian https://momjian.us EDB https://enterprisedb.com The usefulness of a cup is in its emptiness, Bruce Lee