| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Christophe Pettus <xof(at)thebuild(dot)com> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org>, Kai Wagner <kai(dot)wagner(at)percona(dot)com>, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, Ron Johnson <ronljohnsonjr(at)gmail(dot)com> |
| Subject: | Re: Enquiry about TDE with PgSQL |
| Date: | 2025-11-01 00:21:04 |
| Message-ID: | aQVScCjItvCtgVPn@momjian.us |
| Lists: | pgsql-general |
On Fri, Oct 31, 2025 at 05:16:09PM -0700, Christophe Pettus wrote:
> On Oct 31, 2025, at 07:54, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> > So it seems we have somewhat of a stand-off, with the Postgres
> > project questioning the value of TDE and the PCI writers
> > doubling-down on specifying disk-level encryption as insufficient.
>
> PCI definitely exhibits a preference away from disk-level encryption,
> although it doesn't prohibit it: you have to make sure that simply
> mounting the disk doesn't decrypt it. Their concern is that, if
> user credentials are compromised, an attacker then has to do
> something else in order to see the plaintext. This kind of implies
> TDE, although they don't use that term.
>
> Now, the road forks here:
>
> 1. If a customer wants TDE and isn't interested in hearing about other
> solutions, then TDE is the only thing that will meet that goal.
>
> 2. The PCI spec doesn't specifically offer up TDE as an alternative to
> disk-level encryption, though. It exhibits a strong preference for
> column-level encryption of sensitive data, which doesn't require TDE.
>
> In some ways, there's no real point of discussion. You can comply
> with PCI without TDE (I would argue that, in fact, you are in a better
> position with column-level encryption), but if the organization wants
> TDE, then the technical arguments rarely matter.
I think column-level encryption, on the client side, actually does
improve security and is preferable to file system level TDE, and I think
many here feel the same way.
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
Do not let urgent matters crowd out time for investment in the future.
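The client-side column-level encryption Bruce prefers, as an added example that is not part of this thread or of PostgreSQL itself: the application encrypts a sensitive value with AES-GCM before it is sent to the server, so the bytea column holds only ciphertext and a compromised database login on its own yields nothing readable, which is exactly the "has to do something else" property Christophe describes. It goes one step beyond the discussion by binding each ciphertext to its table, column and row key, so a stored value cannot be moved to another row or column without failing to decrypt; the key, table and column names, row key and card number are all constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// cellAAD binds a ciphertext to its table, column and row key (hypothetical names); a moved value fails to decrypt.
func cellAAD(table, column, rowKey string) []byte {
	return []byte(table + "." + column + "#" + rowKey)
}

// newGCM builds AES-GCM from a key held by the application or a KMS, never by the database host.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptColumn returns nonce || ciphertext || tag, the single value written to a bytea column.
func EncryptColumn(key []byte, table, column, rowKey string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every cell write
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, cellAAD(table, column, rowKey)), nil
}

// DecryptColumn reverses EncryptColumn; a wrong key, tampered bytes or a moved value all fail.
func DecryptColumn(key []byte, table, column, rowKey string, stored []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(stored) < gcm.NonceSize() {
		return nil, errors.New("stored value shorter than nonce")
	}
	return gcm.Open(nil, stored[:gcm.NonceSize()], stored[gcm.NonceSize():], cellAAD(table, column, rowKey))
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key, not for real use
	stored, _ := EncryptColumn(key, "payments", "card_number", "42", []byte("4111111111111111"))
	fmt.Printf("what a database-only login sees: %x\n", stored)
}
```

Server-side TDE would hand the plaintext back to anyone who can log in; here the server never holds the key, so the database and its backups contain only the bytes printed above.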