RE: Enquiry about TDE with PgSQL

Pardo me for jumping in here - but would filesystem level encryption possibly meet your requirements?

Clay Jackson
Database Solutions Sales Engineer
clay(dot)jackson(at)quest(dot)com
office 949-754-1203 mobile 425-802-9603

-----Original Message-----
From: Bruce Momjian <bruce(at)momjian(dot)us>
Sent: Friday, October 31, 2025 10:06 AM
To: Christophe Pettus <xof(at)thebuild(dot)com>
Cc: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>; Kai Wagner <kai(dot)wagner(at)percona(dot)com>; Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>; Ron Johnson <ronljohnsonjr(at)gmail(dot)com>; pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: Enquiry about TDE with PgSQL

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

On Fri, Oct 31, 2025 at 10:04:35AM -0700, Christophe Pettus wrote:
>
>
> > On Oct 31, 2025, at 08:21, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
> > wrote: Yeah, what I would like to know is how many of the data
> > breaches actually grab directly from the storage versus getting it
> > through the database or other software above the storage?
>
> Essentially zero.
>
> PCI, like a lot of data security standards, are a magpie's assemblage
> of things that the authors have heard about all of which sound
> "secure" to them. However, since these particular magpies have
> machine guns (metaphorically) and can do serious damage to businesses,
> we must play along with the masquerade.

Yes, we have been avoiding the masquerade for years. The question is can we continue. From the lack of discussion since April 1, 2025, it seems the answer is yes.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us/
EDB https://enterprisedb.com/

Do not let urgent matters crowd out time for investment in the future.