From 7c1f3568a7f3fafe96393960cae13dae52c09a7a Mon Sep 17 00:00:00 2001 From: Anastasia Alexadrova Date: Mon, 16 Sep 2024 13:47:13 +0200 Subject: [PATCH] PG-1013 Added build comparison table, moved features from index to comparison --- documentation/docs/features.md | 26 ++++++++++++++++++++++++++ documentation/docs/index.md | 29 ++++++++--------------------- 2 files changed, 34 insertions(+), 21 deletions(-) create mode 100644 documentation/docs/features.md diff --git a/documentation/docs/features.md b/documentation/docs/features.md new file mode 100644 index 00000000..148d88ea --- /dev/null +++ b/documentation/docs/features.md @@ -0,0 +1,26 @@ +# Build comparison + +We provide `pg_tde` builds for both PostgreSQL Community and [Percona Server for PostgreSQL](https://docs.percona.com/postgresql/17/). The difference between the builds is in the set of included features which in its turn depends on the Storage Manager API. While PostgreSQL Community uses the default Storage Manager API, Percona Server for PostgreSQL extends the Storage Manager API enabling to integrate custom storage managers. + +## Features + +The following table provides the differences between the builds: + +| PostgreSQL Community build | Percona Server for PostgreSQL build
(in addition to features included in the PostgreSQL Community build)| +|----------------------|-------------------------------| +| Table encryption:
- data tables,
- TOAST tables
- temporary tables created during the database operation.

Metadata of those tables is not encrypted. | Index data encryption for encrypted tables | +| Write-Ahead Log (WAL) encryption of data in encrypted tables | Write-Ahead Log (WAL) encryption of data for encrypted and non-encrypted tables | +| Multi-tenancy support| | +| Table-level granularity | | +| Key management via:
- HashiCorp Vault;
- Local keyfile | + +## Future releases + +The following is planned for future releases of `pg_tde`: + +* Logical replication support +* KMIP integration for key management + +:material-alert: Warning: Note that introducing encryption/decryption affects performance. Our benchmark tests show less than 10% performance overhead for most situations. However, in some specific applications such as those using JSONB operations, performance degradation might be higher. + +[Get started](install.md){.md-button} \ No newline at end of file diff --git a/documentation/docs/index.md b/documentation/docs/index.md index 43cd4d57..cb690cd2 100644 --- a/documentation/docs/index.md +++ b/documentation/docs/index.md 
@@ -6,37 +6,24 @@ This is the {{release}} version of the extension and is not meant for production use yet. [Release notes](release-notes/release-notes.md) -## What's encrypted +## Supported PostgreSQL deployments -`pg_tde` encrypts the following: + `pg_tde` is provided in database specific builds for: -* User data in tables, including TOAST tables, that are created using the extension. Metadata of those tables is not encrypted. -* Write-Ahead Log (WAL) data for tables created using the extension -* Temporary tables created during the database operation for data tables created using the extension +* [Percona Server for PostgreSQL 17](https://docs.percona.com/postgresql/17/) as part of Percona Distribution for PostgreSQL 17. This build includes all capabilities and features of `pg_tde` +* PostgreSQL Community 16.x, PostgreSQL Community 17.0 and Percona Distribution for PostgreSQL 16.0. This build provides limited capabilities. Namely, index level encryption is not supported as it requires the use of a custom storage manager. + +[Compare builds](features.md){.md-button} +[Get started](install.md){.md-button} ## Known limitations * Logical replication is not available as it doesn't work with encrypted tables. * Keys in the local keyfile are stored unencrypted. -* Indexes and `NULL` bitmaps of tuples are currently not encrypted. +* System tables are currently not encrypted :material-alert: Warning: Note that introducing encryption/decryption affects performance. Our benchmark tests show less than 10% performance overhead for most situations. However, in some specific applications such as those using JSONB operations, performance degradation might be higher. -[Get started](install.md){.md-button} - -## Supported PostgreSQL versions - -`pg_tde` is currently based on PostgreSQL 16.0 and supported for Percona Distribution for PostgreSQL 16.x and upstream PostgreSQL 16.x. 
- -## Future releases - -The following is planned for future releases of `pg_tde`: - -* Encryption of indexes and `NULL` bitmaps of tuples -* Logical replication support - - - ## Useful links * [What is Transparent Data Encryption](tde.md)
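Review bot: In the features table of documentation/docs/features.md, the last row lists "Local keyfile" as a key management option without the caveat that index.md keeps under Known limitations ("Keys in the local keyfile are stored unencrypted."). A reader who lands on the comparison page sees the keyfile presented on equal footing with HashiCorp Vault, so suggest repeating that caveat in the cell or linking to the limitations section from it. The same row ends after its first cell ("- Local keyfile |"), while the "Multi-tenancy support" and "Table-level granularity" rows carry an empty second cell; add the empty cell so every row has the same column count. The new file also ends without a trailing newline, and the performance warning is now duplicated verbatim here and in index.md, so one copy could become a link to the other.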
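Review bot: In the Known limitations list of documentation/docs/index.md, the entry "Indexes and `NULL` bitmaps of tuples are currently not encrypted." is replaced by "System tables are currently not encrypted" and the matching Future releases item is dropped, so the patch no longer states anywhere whether `NULL` bitmaps are encrypted. The index limitation itself now appears only inside the PostgreSQL Community build bullet and the comparison table, not in the list readers check for what stays in plaintext. Suggest keeping a limitation entry scoped to the Community build for indexes and stating the current status of `NULL` bitmaps explicitly. Smaller points in the same hunk: the new limitation line lacks its closing period, the added line " `pg_tde` is provided in database specific builds for:" starts with a stray space, and the supported version changes from "Percona Distribution for PostgreSQL 16.x" to "16.0", which is worth confirming as intentional.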