Re: Enquiry about TDE with PgSQL

On Fri, Oct 31, 2025 at 7:22 PM Bruce Momjian <bruce(at)momjian(dot)us> wrote:

> On Fri, Oct 31, 2025 at 06:33:54PM +0100, Álvaro Herrera wrote:
> > On 2025-Oct-31, Bruce Momjian wrote:
> >
> > > Yes, we have been avoiding the masquerade for years. The question is
> > > can we continue. From the lack of discussion since April 1, 2025, it
> > > seems the answer is yes.
>
I think this assumption can be considered a false positive. The main reason
this hasn't surfaced yet is that it first takes some time to adjust, and
more importantly, there are the downstream forks with the necessary changes
that are already in use or continue to be sold. So why stop doing this?

> >
> > Maybe, but I think the only reason for this is that some companies are
> > implementing it locally in their forks or whatever. I bet there are
> > many prospective customers that we (the open source Postgres project)
> > are not reaching because of lack of certifiability in this area.
> >
> > Can we continue to ignore it? My impression is that that strategy will
> > continue to work, perhaps indefinitely. Is it a good idea? Of that I
> > am not so sure.
>
> Agreed. Just to state the obvious, I have never heard of any Postgres
> support company discouraging the community from implementing TDE. In
> fact, I have heard them strongly encourage it.
>
I don't think, as stated initially, that we can continue to ignore this any
longer. As a project, we are losing out on a significant number of users
who are willing to use fully open-source solutions, but are held back due
to this requirement. We had numerous conversations over the last few years,
exactly about this fact, and people went with MySQL, Mongo, or others - not
because of "does this technically make sense to us as engineers, but
because they couldn't fulfill their internal requirements". As Laurenz
already stated very well: "rational arguments are missing the point".

It's not news that we also tried a way of implementing it. What I would
like to achieve here is a group of interested people who can actually make
a call on how this is envisioned to work. Do we handle everything in core
directly, or do we make all necessary parts extensible? This approach may
be more efficient in the long run, as it also enables a variety of other
use cases. This is the conversation I would like to have. We're absolutely
happy and willing to spend as much time as needed to implement a solution
that works directly with PostgreSQL, so we no longer ignore huge parts of
the industry, which will only get worse over the next few years, as more
and more standards are to follow. Once we lose this user base, we all know
how long it will take to regain any of them. I don't think we want, nor
should we, to go down that route, as it would harm us as a project in the
long run. We have been on a rise for many years, but if we want to stay
there and continue to do so, some "checkbox" or "security requirements"
need to be implemented, despite "technical arguments," as otherwise some of
the largest companies worldwide cannot consider using postgres.

>
> --
> Bruce Momjian <bruce(at)momjian(dot)us>
> https://url.avanan.click/v2/r01/___https://momjian.us___.YXAzOnBlcmNvbmE6YTpnOmEyOTY2NTBjZWViOWUxZGMyMWI2ZDQwNGQ2NjZjNWQ1Ojc6MGE3MDo5YjgwNjIzYzk1NzI1OGRhZmNiYjJmYjFjNjI4NjFmOTI2NDM0YzM3Y2NhODZmNDE2YmEyY2UyMmM4ZDkxY2FmOnA6VDpO
> EDB
> https://url.avanan.click/v2/r01/___https://enterprisedb.com___.YXAzOnBlcmNvbmE6YTpnOmEyOTY2NTBjZWViOWUxZGMyMWI2ZDQwNGQ2NjZjNWQ1Ojc6NWUxZDo5Y2FiZWYwNzc1YzlhNTY0MGY2ZGM0MjNmMWNjMTY1ZmJlZGNlNmZlMmI4ZjE2ZGY2Y2RmYWEwZjM5NTUzYjY4OnA6VDpO
>
> Do not let urgent matters crowd out time for investment in the future.
>