Re: Would PostgreSQL 16 native transparent data encryption support database level encryption?

> On May 22, 2023, at 11:02, Tony Xu <tony.xu@rubrik.com> wrote:
> there are still some shared area between clusters.

That's not quite right.  A PostgreSQL cluster (in the traditional sense, which means one PostgreSQL server handling a
particularendpoint) is isolated from any other clusters on the same machine.  If the individual clusters have their own
underlyingvolumes, those can be encrypted independently of any other cluster.  This is not quite as elegant as each
databasein a cluster having its own encryption key, but it does have the advantage that it can be deployed right now. 

A single cluster does have shared areas between databases, and those are not trivial: The global system catalogs, the
write-aheadlog, and the commit log, just for a start.  The global system catalogs include users and roles.  The effort
requiredto split those up is very significant. 

And, to be somewhat blunt, is Rubrik prepared to pay for it?  This engineering effort needs to be funded by someone,
sinceengineers have to eat.  This is not to say that any feature someone is willing to pay for will make it into
PostgreSQL,but an effort of this size, to have any hope of reaching the point of being accepted, will need someone to
paythe salaries of the people working on it. 

Best,
-- Christophe