On Thu, Oct 3, 2019 at 4:40 PM Stephen Frost <sfrost@snowman.net> wrote:
* Robert Haas (robertmhaas@gmail.com) wrote: > On Mon, Sep 30, 2019 at 5:26 PM Bruce Momjian <bruce@momjian.us> wrote: > > For full-cluster Transparent Data Encryption (TDE), the current plan is > > to encrypt all heap and index files, WAL, and all pgsql_tmp (work_mem > > overflow). The plan is: > > > > https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#TODO_for_Full-Cluster_Encryption > > > > We don't see much value to encrypting vm, fsm, pg_xact, pg_multixact, or > > other files. Is that correct? Do any other PGDATA files contain user > > data? > > As others have said, that sounds wrong to me. I think you need to > encrypt everything.
That isn't what other database systems do though and isn't what people actually asking for this feature are expecting to have or deal with.
Do any of said other database even *have* the equivalence of say pg_clog or pg_multixact *stored outside their tablespaces*? (Because as long as the data is in the tablespace, it's encrypted when using tablespace encryption..)