PG-1206 Reworked intro to pg_tde #353

Open
wants to merge 3 commits into
base: main


nastena1606
Collaborator

PG-1206

Description

Reworked the intro on the index page to make it more appealing.
Added a link to what's TDE.
Added some FAQ

@nastena1606 nastena1606 added the documentation Improvements or additions to documentation label Nov 18, 2024

github-actions bot commented Nov 18, 2024

Performance test results:
Normal queries: 8965
TDE queries: 8656
Percentage: 96%
CSV entries: 1010312 pp-2019.csv
Sequential scan read times

HEAP: 1092.327
TDE: 1325.220 (121%)
TDE_BASIC: 1325.220 (159%)


## I use disk-level encryption. Why should I care about TDE?

Encrypting hard drive encrypts all data, system and application files that are there. However, disk encryption doesn’t protect your data after the boot-up of your system. During runtime, the files are decrypted with disk-encryption.
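
Review bot: The last sentence of this answer, "During runtime, the files are decrypted with disk-encryption", does not say who can read the data at that point, and the answer as shown never states what TDE changes. Suggest spelling out the consequence, for example that once the volume is unlocked every user and process with file system access reads the data files in plaintext, and then saying what TDE adds on top. "doesn't protect your data after the boot-up" also overstates the case; wording such as "doesn't protect data files from anyone with access to the running system" is closer.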
Collaborator


"Encrypting a hard drive..." or "Encrypting hard drives.." also "..encrypts all data, including system and..." (that is easier to read I think).

documentation/docs/faq.md

## How does it work?

To encrypt the data, two types of keys are used:

* Database keys to encrypt user data. These are stored internally, near the data that they encrypt.
* Table encryption keys (TEK) to encrypt user data. These keys are stored internally, near the data that they encrypt.
* The principal key to encrypt database keys. It is kept separately from the database keys and is managed externally.
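
Review bot: Both the "Database keys" and the "Table encryption keys (TEK)" bullets say the keys are "stored internally, near the data that they encrypt" without saying that they are stored encrypted; a reader can only infer that from the principal key bullet. Suggest putting it in the bullet itself, e.g. "stored internally in encrypted form, near the data that they encrypt". The intro line says two types of keys are used, so the final list should have two bullets and one name for the internal key throughout.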
Collaborator


Suggested change
* The principal key to encrypt database keys. It is kept separately from the database keys and is managed externally.
* The principal key to encrypt table keys. It is kept separately from the table keys and is managed externally.


* For DBAs:

- Allows defining what to encrypt in the table and with what key
- Encryption on storage level is not a must to provide data safety. However, using TDE and storage-level encryption together adds another layer of data security
- Granular encryption of specific tablespaces and reducing the performance overhead that encryption brings
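
Review bot: "Encryption on storage level is not a must to provide data safety" in the second bullet reads as a blanket security claim inside a list of benefits. Suggest saying what each layer covers instead, and keeping the second sentence about using TDE and storage-level encryption together. The first bullet's "what to encrypt in the table" also implies a finer granularity than the third bullet's "specific tablespaces"; name one unit of encryption and use it consistently.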
Collaborator


Suggested change
- Granular encryption of specific tablespaces and reducing the performance overhead that encryption brings
- Granular encryption of specific tables and reducing the performance overhead that encryption brings
