On Fri, 2025-10-17 at 00:49 -0400, Ron Johnson wrote: > On Thu, Oct 16, 2025 at 6:05 PM Greg Sabino Mullane <htamfids@gmail.com> wrote: > > > > TDE, on the other hand, is a very complex and difficult thing to add into Postgres. > > TDE was added to SQL Server, with (to us, at least) minimally-noticed overhead. > Oracle has it, too, but I don't know the details. > > The bottom line is that requirements for TDE are escalating, whether you like it or > not, as Yet Another Layer Of Defense against hackers exfiltrating data, and then > threatening to leak it to the public.
Bruce Momjian has interesting things to say about that in https://compiledconversations.com/6/ (unfortunately I don't remember where exactly in this 84 minute piece).
It is a feature that users want (or need to comply with whatever they feel they have to comply with). On the other hand, it has very limited technical or security value, which hampers its acceptance into core.
I gave you a reason: "Yet Another Layer Of Defense against hackers exfiltrating data". It's the same reason PgBackRest encrypts backups.
