TDE as an Extension: A Different Path for PostgreSQL Encryption
Thursday, October 23 at 11:25–12:15
Transparent Data Encryption (TDE) has been a long-standing challenge in the PostgreSQL community. While proprietary solutions exist and major patch sets have been proposed, the topic continues to spark debate on the hackers mailing list, with no clear path forward.
Our team decided to take a different approach: instead of building TDE directly into PostgreSQL, we explored how far we could go by implementing it as an extension, pushing core changes only where extensibility improvements were needed.
This has been, and still is, a demanding project. Along the way, we have built multiple prototypes, hit dead ends, and uncovered design trade-offs that were not obvious at the start.
In this talk, we will share the technical lessons from our journey: what failed, what succeeded, how our extension-based approach actually works, and which challenges remain unsolved.
