Pardo me for jumping in here - but would filesystem level encryption possibly meet your requirements?
Clay Jackson Database Solutions Sales Engineer [email protected] office 949-754-1203 mobile 425-802-9603 -----Original Message----- From: Bruce Momjian <[email protected]> Sent: Friday, October 31, 2025 10:06 AM To: Christophe Pettus <[email protected]> Cc: Adrian Klaver <[email protected]>; Kai Wagner <[email protected]>; Laurenz Albe <[email protected]>; Ron Johnson <[email protected]>; pgsql-general <[email protected]> Subject: Re: Enquiry about TDE with PgSQL CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. On Fri, Oct 31, 2025 at 10:04:35AM -0700, Christophe Pettus wrote: > > > > On Oct 31, 2025, at 08:21, Adrian Klaver <[email protected]> > > wrote: Yeah, what I would like to know is how many of the data > > breaches actually grab directly from the storage versus getting it > > through the database or other software above the storage? > > Essentially zero. > > PCI, like a lot of data security standards, are a magpie's assemblage > of things that the authors have heard about all of which sound > "secure" to them. However, since these particular magpies have > machine guns (metaphorically) and can do serious damage to businesses, > we must play along with the masquerade. Yes, we have been avoiding the masquerade for years. The question is can we continue. From the lack of discussion since April 1, 2025, it seems the answer is yes. -- Bruce Momjian <[email protected]> https://momjian.us/ EDB https://enterprisedb.com/ Do not let urgent matters crowd out time for investment in the future.
