Home > mailing lists

Re: Enquiry about TDE with PgSQL - Mailing list pgsql-general

From	Christophe Pettus
Subject	Re: Enquiry about TDE with PgSQL
Date	October 31 20:40:56
Msg-id	9358BA09-E2C6-4116-9E9E-3DA5D31A11DA@thebuild.com Whole thread Raw
In response to	RE: Enquiry about TDE with PgSQL ("Clay Jackson (cjackson)" <Clay.Jackson@quest.com>)
List	pgsql-general

Tree view

> On Oct 31, 2025, at 10:32, Clay Jackson (cjackson) <Clay.Jackson@quest.com> wrote:
>
> Pardo me for jumping in here - but would filesystem level encryption possibly meet your requirements?

If we're talking about PCI DSS, the answer is: Yes, but.  Filesystem-level encryption is acceptable IF the encryption
keys(or other passwords used to unlock them) are separate from the user access controls to the host that has the
encryptedvolume attached.  You have to go through a second step of decrypting the volume (or making it available for
decryptedreads) separate from just mounting it.

pgsql-general by date:

From: Álvaro Herrera
Date: 31 October, 20:33:54
Subject: Re: Enquiry about TDE with PgSQL

From: Bruce Momjian
Date: 31 October, 21:22:22
Subject: Re: Enquiry about TDE with PgSQL

Re: Enquiry about TDE with PgSQL - Mailing list pgsql-general

Previous

Next