On Oct 31, 2025, at 07:54, Bruce Momjian <[email protected]> wrote: > So it seems we have somewhat of a stand-off, with the Postgres project > questioning the value of TDE and the PCI writers doubling-down on > specifying disk-level encryption as insufficient.
PCI definitely exhibits a preference away from disk-level encryption, although it doesn't prohibit it: you have to make sure that simply mounting the disk doesn't decrypt it. Their concern is that if user credentials are compromised, and an attacker then has to do something else in order to see the plaintext. This kind of implies TDE, although they don't use that term. Now, the road forks here: 1. If a customer wants TDE and isn't interested in hearing about other solutions, then TDE is only thing that will meet that goal. 2. The PCI spec doesn't specifically offer up TDE as an alternative to disk-level encryption, though. It exhibits a strong preference for column-level encryption of sensitive data, which doesn't require TDE. In some ways, there's no real point of discussion. You can comply with PCI without TDE (I would argue that, in fact, you are in a better position with column-level encryption), but if the organization wants TDE, then the technical arguments rarely matter.
