For plan for full-cluster Transparent Data Encryption (TDE) is here:
https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#TODO_for_Full-Cluster_Encryption
The values it has, I think, are:
* encrypts data for anyone with read-access to the file system (but not
memory)
* I think write access would allow access to the encryption keys
by modifying postgresql.conf or other files
* This is particularly useful if the storage is remote
* encrypts non-logical/non-pg_dump-like backups
* fulfills several security compliance requirements
* encrypts storage
* perhaps easier to implement than file system encryption
Is that accurate?
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +