postgresql tde

Postgres TDE capability only for specific schema


As part of a GDPR requirement, we need to encrypt data at rest. We are planning to use Postgres, and from the links below it looks like TDE can be achieved in Postgres as well.

https://www.enterprisedb.com/blog/postgres-and-transparent-data-encryption-tde

https://www.cybertec-postgresql.com/en/products/postgresql-transparent-data-encryption/

When we have multiple schemas in Postgres, is it possible to apply TDE only to a particular schema?


Solution

  • There is a reason for this: if we allow encryption on a per-table level (or per schema or per database, it doesn't matter), we have to manage an infinite number of keys. This is especially true during point-in-time recovery and all that. This is why we decided to do the encryption on the instance level. One key. The core advantage is: we can easily encrypt all parts of the instance including the WAL, temp files, and so on (basically everything but the clog).

    Don't expect this to change - go for full encryption. We can help you with that.

    Cheers from Cybertec :) I hope you like the feature :)

    Hans