Postgres TDE capability only for specific schema

Time:10-02

As part of a GDPR requirement, we need to encrypt data at rest. We are planning to use Postgres, and from the links below it looks like TDE can be achieved in Postgres as well.

https://www.enterprisedb.com/blog/postgres-and-transparent-data-encryption-tde

https://www.cybertec-postgresql.com/en/products/postgresql-transparent-data-encryption/

When we have multiple schemas in Postgres, is it possible to apply TDE only to a particular schema?

CodePudding user response:

Unfortunately, it is not possible to encrypt just a schema because, when you install PostgreSQL TDE, you initialize the whole database with the encryption key.

As you can see in the picture here:

CYBERTEC PostgreSQL TDE

CodePudding user response:

There is a reason for this: if we allow encryption on a per-table level (or per schema or per database, doesn't matter), we've got to manage an infinite number of keys. This is especially true during point-in-time recovery and all that. This is why we decided to do the encryption on the instance level. One key. The core advantage is: we can easily encrypt all parts of the instance, including the WAL, temp files, and so on (basically everything but the clog).

Don't expect this to change - go for full encryption. We can help you with that.

Cheers from cybertec :) I hope you like the feature :)

hans
