Welcome to pg_tde documentation!
Transparent Data Encryption offers encryption at the file level and solves the problem of protecting data at rest. The encryption is transparent for users allowing them to access and manipulate the data and not to worry about the encryption process. As a key provider, the extension supports the keyringfile, Hashicorp Vault and KMIP-compatible servers.
- Works with community PostgreSQL 16 and 17 or with Percona Server for PosgreSQL 17
- Encrypts tuples and WAL
- Doesn't encrypt indexes, temporary files, statistics
- CPU expensive as it decrypts pages each time they are read from bufferpool
- Works only with Percona Server for PostgreSQL 17
- Uses extended Storage Manager and WAL APIs
- Encrypts tuples, WAL and indexes
- Doesn't encrypt temporary files and statistics yet
- Faster and cheaper than
tde_heap_basic
This repository contains the source files for pg_tde documentation.
The documentation is written in Markdown markup language and is created using MkDocs.
The pg_tde code is in the postgres repository since the extension is supplied with Percona Server for PostgreSQL.
We welcome all contributors. For how to contribute to documentation, read the Contributing guide.
Percona is dedicated to keeping open source open. Wherever possible, we strive to include permissive licensing for both our software and documentation. For this project, we are using the Apache License 2.0 license.