This blog is about my work on the Postgres open source database, and is published on Planet PostgreSQL. PgLife allows monitoring of all Postgres community activity.
Wish I Was Wrong About TDE
Saturday, February 22, 2025
I first blogged about Transparent Data Encryption (TDE) in 2019, and it was more thoroughly analyzed in a blog post in 2023. An email exchange in December 2024 summarized the most up-to-date status of this feature:
When I started focusing on TDE, it was going to require changes to buffer reads/writes, WAL, and require a way to store secret keys. I thought those changes would be acceptable given TDE's security value. Once file I/O changes were required, I think the balance tilted to TDE requiring too many code changes given its security value (not policy compliance value).
That analysis was not challenged in the email thread, which makes me conclude that a Postgres core implementation of TDE is unlikely in the near future. An interesting email thread reply was more philosophical:
The number of forks [of TDE], though, makes me feel this is a "when", not "if" feature. Has there been any other complex feature forked/implemented by so many? Maybe columnar storage?
This argues that a Postgres core implementation of TDE is inevitable since there are few cases where multiple commercial feature implementations have not been eventually implemented in core. A counterargument is that TDE might not fit that pattern since its value is mostly regulatory and ease-of-deployment. Time will tell.
Tuesday, January 28, 2025
I delivered my presentation Databases in the AI Trenches today as part of a tutorial at Prague PostgreSQL Developer Day, so I have placed my slides online. It focuses on semantic search, generative AI, and RAG, and builds on my discriminative AI talk, Postgres and the Artificial Intelligence Landscape. I will also be giving this talk on Saturday and the Tuesday after that.