percona · nastena1606 · Feb 10, 2025 · Feb 12, 2025 · Feb 20, 2025
@@ -2,7 +2,7 @@
 
 ## Method 1. Change the access method
 
-If you encrypted a table with the `tde_heap` or `tde_heap_basic` access method and need to decrypt it, run the following command against the desired table (`mytable` in the example below):
+If you encrypted a table with the `tde_heap` access method and need to decrypt it, run the following command against the desired table (`mytable` in the example below):
 
 ```
 ALTER TABLE mytable SET access method heap;
@@ -22,22 +22,6 @@ SELECT pg_tde_is_encrypted('mytable');
 
 The output returns `f` meaning that the table is no longer encrypted. 
 
-!!! note ""
-
-    In the same way you can re-encrypt the data with the `tde_heap_basic` access method. 
-
-    ```
-    ALTER TABLE mytable SET access method tde_heap_basic;
-    ```
-
-    Note that the indexes and WAL files will no longer be encrypted.
-
-    Run a simple "count(*)" on your table to check every tuple for visibility and set the hint bits:
-
-    ```
-    SELECT COUNT(*) FROM mytable;
-    ```
-
 
 ## Method 2. Create a new unencrypted table on the base of the encrypted one
 

@@ -4,14 +4,16 @@ We provide `pg_tde` in two versions for both PostgreSQL Community and [Percona S
 
 The following table provides features available for each version:
 
-| PostgreSQL Community version  | Percona Server for PostgreSQL version <br> |
-|----------------------|-------------------------------|
-| Table encryption: <br> - data tables, <br> - TOAST tables <br> - temporary tables created during the database operation.<br><br> Metadata of those tables is not encrypted. | Table encryption: <br> - data tables, <br> - **Index data for encrypted tables**, <br> - TOAST tables, <br> - temporary tables created during the database operation.<br><br> Metadata of those tables is not encrypted.  |
-| Write-Ahead Log (WAL) encryption of data in encrypted tables | **Global** Write-Ahead Log (WAL) encryption: for data in encrypted and non-encrypted tables  |
-| Multi-tenancy support| Multi-tenancy support |
-| Table-level granularity |Table-level granularity | 
-| Key management via: <br> - HashiCorp Vault; <br> - Local keyfile | Key management via: <br> - HashiCorp Vault; <br> - KMIP server; <br> - Local keyfile|
-| | Logical replication of encrypted tables | 
+| Percona Server for PostgreSQL version | PostgreSQL Community version (deprecated)  |
+|-------------------------------|----------------------|
+| Table encryption: <br> - data tables, <br> - **Index data for encrypted tables**, <br> - TOAST tables, <br> - temporary tables created during the database operation.<br><br> Metadata of those tables is not encrypted.  | Table encryption: <br> - data tables, <br> - TOAST tables <br> - temporary tables created during the database operation.<br><br> Metadata of those tables is not encrypted. |
+| **Global** Write-Ahead Log (WAL) encryption: for data in encrypted and non-encrypted tables | Write-Ahead Log (WAL) encryption of data in encrypted tables |
+| Single-tenancy support via global keyring provider |   | 
+| Multi-tenancy support | Multi-tenancy support |
+| Table-level granularity | Table-level granularity |
+| Key management via: <br> - HashiCorp Vault; <br> - KMIP server; <br> - Local keyfile | Key management via: <br> - HashiCorp Vault; <br> - Local keyfile |
+| Logical replication of encrypted tables | |
+
 
 
 

@@ -24,10 +24,7 @@ Learn more [what is Transparent Data Encryption](tde.md#how-does-it-work) and [w
 ## Known limitations
 
 * Keys in the local keyfile are stored unencrypted. For better security we recommend using the Key management storage. 
-* System tables are currently not encrypted.
-* Currently you cannot update the configuration of an existing Key Management Store (KMS). If its configuration changes (e.g. your Vault server has a new URL), you must set up a new key provider in `pg_tde` and create new keys there. Both the KMS and PostgreSQL servers must be up and running during these changes. [Reach out to our experts](https://www.percona.com/about/contact) for help and to outline the best update path for you.
-
-    We plan to introduce the way to update the configuration of an existing KMS in future releases. 
+* System tables are currently not encrypted. This means that statistics data and database metadata are currently not encrypted.
 
 * `pg_rewind` doesn't work with encrypted WAL for now. We plan to fix it in future releases.
 
@@ -42,15 +39,13 @@ The `pg_tde` extension comes in two distinct versions with specific access metho
 
     This `pg_tde` version is based on and supported for [Percona Server for PostgreSQL 17.x :octicons-link-external-16:](https://docs.percona.com/postgresql/17/postgresql-server.html) - an open source binary drop-in replacement for PostgreSQL Community. It provides the `tde_heap` access method and offers [full encryption capabilities](features.md). 
 
-* **Community version**
-
-    This version is supported for PostgreSQL Community 16 and 17, and Percona Distribution for PostgreSQL 16. It provides the `tde_heap_basic` access method, offering limited encryption features. The limitations are in encrypting WAL data only for tables created using the extension and no support of index encryption nor logical replication.
+* **Community version** (deprecated)
 
-### Which version to chose?
+    This version is available with PostgreSQL Community 16 and 17, and Percona Distribution for PostgreSQL 16. It provides the `tde_heap_basic` access method, offering limited encryption features. The limitations are in encrypting WAL data only for tables created using the extension and no support of index encryption nor logical replication.
 
-Use the community version and the `tde_heap_basic` access method for data sets where indexing is not mandatory or index encryption is not required. Check the [upstream documentation :octicons-link-external-16:](https://github.com/percona/pg_tde/blob/main/README.md) how to get started.
+### Which version to choose?
 
-Otherwise, enjoy full encryption with the Percona Server for PostgreSQL version and the `tde_heap` access method. 
+Enjoy full encryption with the Percona Server for PostgreSQL version and the `tde_heap` access method. The Community version is deprecated and is planned to be removed in future releases. 
 
 Still not sure? [Contact our experts](https://www.percona.com/about/contact) to find the best solution for you.
 
@@ -56,8 +56,6 @@ Here's how you can set the new default table access method:
     === "via the SQL statement"
 
         Use the `ALTER SYSTEM SET` command. This requires superuser or ALTER SYSTEM privileges.
-
-        This example shows how to set the `tde_heap` access method. Replace it with the `tde_heap_basic` if needed. 
 
 
         ```sql
@@ -68,8 +66,6 @@ Here's how you can set the new default table access method:
 
         Edit the `postgresql.conf` configuration file and add the value for the `default_table_access_method` parameter.
 
-        This example shows how to set the `tde_heap` access method. Replace it with the `tde_heap_basic` if needed.
-
         ```ini
         default_table_access_method = 'tde_heap'
         ```  
@@ -82,7 +78,7 @@ Here's how you can set the new default table access method:
 
         You also don't need to have the superuser privileges to run the SET command.
 
-        You can run the SET command anytime during the session. This example shows how to set the `tde_heap` access method. Replace it with the `tde_heap_basic` if needed.
+        You can run the SET command anytime during the session. 
 
         ```sql
         SET default_table_access_method = tde_heap;

diff --git a/contrib/pg_tde/documentation/mkdocs.yml b/contrib/pg_tde/documentation/mkdocs.yml
@@ -156,6 +156,7 @@ extra:
 
 nav:
   - Home: index.md
+  - get-help.md
   - features.md
   - Get started:
     - "Install": "install.md"