| From: | Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
|---|---|
| To: | Ashish Mukherjee <ashish(dot)mukherjee(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Enquiry about TDE with PgSQL |
| Date: | 2025-10-16 22:04:49 |
| Message-ID: | CAKAnmmKDCOdUT5JtJZz5papMO0zW1cnG4934d6aQVCQ_KdbUeg@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
>
> I would like to enquire that based on the anecdotal experience of group
> members, which TDE solution works best for PgSQL 17 databases.
Generally speaking, there is no "best". People use whatever vendor they
happen to already use. Your best solution is to avoid TDE altogether. If
you really need encryption at rest, have the OS do it. That works well
(transparently, even), is very battle-tested, and has minimal performance
impact. TDE, on the other hand, is a very complex and difficult thing to
add into Postgres. Currently it means you are using a forked version of
Postgres and are incurring overhead every time you read or write to disk.
The scenario I have is of a large number of tables (15-20K) and some
> tables with 100M tuples each. The total database size is 4TB.
The size and number of tables does not really matter. How often you write
WAL, and how often things move in and out of shared buffers is what matters.
Cheers,
Greg
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Sabino Mullane | 2025-10-16 22:18:57 | Re: Option on `postgres` CLI to shutdown when there are no more active connections? |
| Previous Message | Nathan Bossart | 2025-10-15 21:38:05 | Re: Clarification on Role Access Rights to Table Indexes |