> On May 22, 2023, at 11:02, Tony Xu <tony.xu@xxxxxxxxxx> wrote: > there are still some shared area between clusters. That's not quite right. A PostgreSQL cluster (in the traditional sense, which means one PostgreSQL server handling a particular endpoint) is isolated from any other clusters on the same machine. If the individual clusters have their own underlying volumes, those can be encrypted independently of any other cluster. This is not quite as elegant as each database in a cluster having its own encryption key, but it does have the advantage that it can be deployed right now. A single cluster does have shared areas between databases, and those are not trivial: The global system catalogs, the write-ahead log, and the commit log, just for a start. The global system catalogs include users and roles. The effort required to split those up is very significant. And, to be somewhat blunt, is Rubrik prepared to pay for it? This engineering effort needs to be funded by someone, since engineers have to eat. This is not to say that any feature someone is willing to pay for will make it into PostgreSQL, but an effort of this size, to have any hope of reaching the point of being accepted, will need someone to pay the salaries of the people working on it. Best, -- Christophe
