Re: Enquiry about TDE with PgSQL - Mailing list pgsql-general

From Rainer Duffner
Subject Re: Enquiry about TDE with PgSQL
Date
Msg-id 86C8ECFE-942C-4364-A5BF-3404D50CD661@ultra-secure.de
In response to Re: Enquiry about TDE with PgSQL  (Ken Marshall <ktm@rice.edu>)
List pgsql-general
> On 01.11.2025 at 19:54, Ken Marshall <ktm@rice.edu> wrote:
>
> +1 from me for having TDE in-core or available as an extension
>
> The security auditors that I have worked with have been increasingly
> unwilling to actually evaluate the merits of an implementation or perhaps
> no longer have the knowledge or skills needed. This is a needed
> checkbox to allow PostgreSQL to be deployed in those environments.
>
>


Do you actually have HSMs with your TDE (assuming you use it elsewhere)?
We run, for a customer, an Oracle DataGuard configuration with TDE with a HSM.

We have a support contract with a 3rd-party company that helps us with the more obscure problems on Oracle that we
don't encounter every day, and they told us that of all their clients (banks, insurance companies), we are the only ones with
TDE. They loathe working with it ;-)

There's apparently another non-disclosed customer that uses it.

It may be that a lot of people now use "cloud HSMs" - but I'm a bit of a purist for these kinds of things in that I
believe that unless you own the hardware (HSMs are usually tamper-proof enough that you can deploy them in 3rd-party
datacenters that aren't your own), you don't really control the keys.

In our case, the databases are backed up with rman to an NFS share that is provided by a virtualized Linux server - the
servers themselves are hardware.

If you don't have TDE, your backups aren't encrypted and they end up on the Veeam server like everything else, where an
admin could copy them somewhere else and potentially take them elsewhere.

With the HSM, we don't actually know the secret to decrypt the data (there may be a way to get it, I don't know). We
know the secret to unseal the wallet (that sits on the HSM, I believe) so that the database actually mounts and starts.

It's pretty bullet-proof (I believe there are techniques to prevent sniffing out the secret from RAM, and HSMs usually
implement those in their client software).
In fact, it's so bullet-proof that should you lose the keys on the HSM, your data is gone if you have no other backups
or backups of the HSM.

If the amount of data is small enough, you can GPG-encrypt a "normal" full dump - but that becomes infeasible as
database size grows.
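The GPG-encrypted dump mentioned in the post, as an added example that is not from the thread: the dump is streamed straight into gpg so no plaintext copy ever lands on the backup share, and a second function checks that the result actually decrypts. It assumes gpg 2.x, a passphrase file readable only by the backup user, and that the caller supplies the pg_dump command (the function names and the passphrase-file layout are my own, not anything PostgreSQL or gpg prescribes).

```shell
#!/bin/sh
# Added example, not code from the thread or from PostgreSQL: encrypt a dump
# in flight so the NFS share / backup server only ever sees ciphertext.
set -eu

# encrypt_stream PASSPHRASE_FILE OUTPUT_FILE CMD [ARGS...]
# Runs CMD (normally: pg_dump -Fc dbname) and encrypts its stdout into
# OUTPUT_FILE with AES-256 symmetric GPG. Nothing is written unencrypted.
# Note: in plain POSIX sh the pipeline's status is gpg's, so callers should
# still check pg_dump's own logging; bash users can add "set -o pipefail".
encrypt_stream() {
    pf="$1"; out="$2"; shift 2
    "$@" | gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$pf" --symmetric --cipher-algo AES256 \
        --output "$out"
}

# decrypt_stream PASSPHRASE_FILE INPUT_FILE
# Writes the plaintext dump to stdout (pipe into pg_restore / psql).
decrypt_stream() {
    gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$1" --decrypt "$2"
}

# verify_backup PASSPHRASE_FILE INPUT_FILE
# Returns 0 only if the file decrypts with this passphrase and the first
# lines carry the pg_dump header; a backup you cannot decrypt is no backup.
verify_backup() {
    decrypt_stream "$1" "$2" | head -n 5 | grep -q 'PostgreSQL database dump'
}

# Typical call (assumed database name, not from the thread):
#   encrypt_stream /etc/backup/pg.pass /mnt/nfs/db.sql.gpg pg_dump mydb
#   verify_backup  /etc/backup/pg.pass /mnt/nfs/db.sql.gpg
```

The passphrase file is the new single point of failure, exactly as the HSM keys are in the post: keep it out of the backup set and store a copy elsewhere.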
