From 84e5191a6e145c1372cb6e2f7524c46be26b0178 Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Wed, 4 Feb 2026 17:08:42 +0200 Subject: [PATCH 1/6] Improve and expand pg_tde information in PSP This PR aims to improve a gap in our Information Architecture, specifically we are missing a slight clarification paragraph regarding pg_tde's capability to enforce encryption at the database level as well. To fix this, three chapters have been expanded and improved with additional information around this topic. --- docs/percona-ext.md | 14 +++++++++----- docs/postgresql-server.md | 11 +++++------ docs/solutions.md | 25 ++++++++++++++++++++----- 3 files changed, 34 insertions(+), 16 deletions(-) diff --git a/docs/percona-ext.md b/docs/percona-ext.md index a7f2c89c2..d843f7dd0 100644 --- a/docs/percona-ext.md +++ b/docs/percona-ext.md @@ -1,9 +1,13 @@ # Percona-authored extensions +Percona-authored extensions provide additional capabilities that go beyond upstream PostgreSQL, enabling advanced observability and data-at-rest encryption. These extensions are developed and maintained by Percona and are designed to integrate seamlessly with Percona Server for PostgreSQL and Percona Distribution for PostgreSQL. + +This page provides a high-level overview of the available Percona-authored extensions and the problems they are intended to solve. For detailed configuration and usage instructions, follow the documentation links provided for each extension below. +
-### :octicons-graph-16: pg_stat_monitor +## :octicons-graph-16: pg_stat_monitor A query performance monitoring tool for PostgreSQL that brings more insight and details around query performance, planning statistics and metadata. It improves observability, enabling users to debug and tune query performance with precision. @@ -12,13 +16,13 @@ A query performance monitoring tool for PostgreSQL that brings more insight and
-### :material-file-key-outline: pg_tde - -An open-source extension designed to enhance PostgreSQL’s security by encrypting data files on disk. The encryption is transparent for users allowing them to access and manipulate the data and not to worry about the encryption process. +## :material-file-key-outline: pg_tde +An open-source extension designed to enhance PostgreSQL’s security by encrypting data files on disk. The encryption is transparent for users, allowing them to access and manipulate data without managing encryption details. -[pg_tde documentation :octicons-link-external-16:](https://docs.percona.com/pg-tde/index.html){.md-button} +You can also use `pg_tde` to enforce encryption at the database level, ensuring that all newly created data is encrypted without requiring per-table changes. +[For configuration details, see the pg_tde documentation. :octicons-link-external-16:](https://docs.percona.com/pg-tde/index.html){.md-button}
diff --git a/docs/postgresql-server.md b/docs/postgresql-server.md index e8ae3b027..716210b9e 100644 --- a/docs/postgresql-server.md +++ b/docs/postgresql-server.md 
@@ -1,12 +1,11 @@ # Percona Server for PostgreSQL -Percona Server for PostgreSQL is a binary-compatible, open source drop-in replacement for PostgreSQL {{pgversion}}. It introduces additional features to the upstream server, including: +Percona Server for PostgreSQL is a binary-compatible, open source drop-in replacement for PostgreSQL {{pgversion}}. It functions identically to upstream PostgreSQL, allowing you to [migrate](migration.md) seamlessly between the two. -* Storage Manager (SMGR) API Exposure: Allows PostgreSQL extensions to integrate custom storage managers. This change was inspired by the [patchset](https://www.postgresql.org/message-id/flat/CAJ7c6TOqqrzjYsU6LgDkcJ0yVgzdkx2juJjgAjzP2jPOpZ1qUA%40mail.gmail.com#8e68cfc57fcac14c8e24b00b41e61baf) introduced to the community. -* WAL Read/Write API Exposure to hook into WAL read and write functions. +It provides the foundation for additional capabilities, including data-at-rest encryption such as index-level and Write-Ahead Logging (WAL) encryption. -These modifications have no impact on existing use cases and operation of PostgreSQL. They are required to enable additional encryption capabilities such as index-level and Write-Ahead Logging (WAL) encryption of indexes through the [`pg_tde` :octicons-link-external-16:](https://docs.percona.com/pg-tde/index.html) extension. These encryption features provided by the `pg_tde` are still under active development and are planned for future releases. +For more information on Percona Server for PostgreSQL extensions that enable such capabilities, see the [Percona-authored extensions topic](percona-ext.md). -Percona Server and upstream PostgreSQL function identically enabling you to migrate from one to another. +For an overview of Percona Server for PostgreSQL solutions, such as high availability, backup and disaster recovery, spatial data handling, authentication, and data-at-rest encryption, see the [Percona Distribution for PostgreSQL solutions topic](solutions.md). 
-[Get started :material-arrow-right:](installing.md){.md-button} \ No newline at end of file +[Get started :material-arrow-right:](installing.md){.md-button} diff --git a/docs/solutions.md b/docs/solutions.md index dcaa787df..83dbb70f7 100644 --- a/docs/solutions.md +++ b/docs/solutions.md @@ -1,6 +1,13 @@ # Percona Distribution for PostgreSQL solutions -Find the right solution to help you achieve your organization's goals. +Find the right solution to help you achieve your organization's goals, such as high availability, backup and disaster recovery, spatial data handling, authentication, and [data-at-rest encryption :octicons-link-external-16:](https://docs.percona.com/pg-tde/index.html). + +These solutions are enabled by additional capabilities that extend the upstream server, such as: + +* Storage Manager (SMGR) API exposure that allows PostgreSQL extensions to integrate custom storage managers. This change was inspired by the following [patchset :octicons-link-external-16:](https://www.postgresql.org/message-id/flat/CAJ7c6TOqqrzjYsU6LgDkcJ0yVgzdkx2juJjgAjzP2jPOpZ1qUA%40mail.gmail.com#8e68cfc57fcac14c8e24b00b41e61baf) introduced to the community. +* WAL Read/Write API exposure that allows extensions to hook into WAL read and write functions. + +Explore the available solutions below:
@@ -12,6 +19,14 @@ Check out how you can ensure continuous access to your database.
+### :material-backup-restore: Backup and disaster recovery + +Protect your database against accidental or malicious data loss or data corruption. + +[Backup and disaster recovery :material-arrow-right:](solutions/backup-recovery.md){.md-button} + +
+ ### :octicons-globe-24: Spatial data handling Dealing with spatial data? Learn how you can store and manipulate it. @@ -20,11 +35,11 @@ Dealing with spatial data? Learn how you can store and manipulate it.
-### :material-backup-restore: Backup and disaster recovery +### :material-account-lock: LDAP authentication -Protect your database against accidental or malicious data loss or data corruption. +Need a central authentication solution? Learn how you can manage users and access control using LDAP directories. -[Backup and disaster recovery :material-arrow-right:](solutions/backup-recovery.md){.md-button} +[LDAP authentication :material-arrow-right:](ldap.md){.md-button}
-
\ No newline at end of file +
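Review bot: In docs/postgresql-server.md (PATCH 1/6), the removed paragraph stated that the `pg_tde` encryption features "are still under active development and are planned for future releases", but the added line "including data-at-rest encryption such as index-level and Write-Ahead Logging (WAL) encryption" carries no status qualifier. If index-level and WAL encryption are not yet generally available, keep a one-sentence status caveat next to this line so that readers do not assume their WAL and indexes are already protected at rest. If they are available now, say so in the commit message so the removal is clearly deliberate.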
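Review bot: In docs/solutions.md (PATCH 1/6), the new LDAP authentication card links to `ldap.md`, while the backup card in the same hunk links to `solutions/backup-recovery.md`. Please confirm that `ldap.md` resolves relative to docs/solutions.md and is not meant to sit under `solutions/` like the other card target. The intro sentence also promises "authentication" in general while the card covers LDAP only, so either name LDAP in the intro or word the card heading to match.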
From 27ccb8cca96754c41eac4789da70cde2c63e97dc Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Thu, 12 Feb 2026 12:36:35 +0200 Subject: [PATCH 2/6] Update percona extensions with feedback and the oidc extension --- docs/percona-ext.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/docs/percona-ext.md b/docs/percona-ext.md index d843f7dd0..aff100e5c 100644 --- a/docs/percona-ext.md +++ b/docs/percona-ext.md @@ -9,20 +9,26 @@ This page provides a high-level overview of the available Percona-authored exten ## :octicons-graph-16: pg_stat_monitor -A query performance monitoring tool for PostgreSQL that brings more insight and details around query performance, planning statistics and metadata. It improves observability, enabling users to debug and tune query performance with precision. +An open-source query performance monitoring tool for PostgreSQL that brings more insight and details around query performance, planning statistics and metadata. It improves observability, enabling users to debug and tune query performance with precision. -[pg_stat_monitor documentation :octicons-link-external-16:](https://docs.percona.com/pg-stat-monitor/index.html){.md-button} +[See the pg_stat_monitor documentation :octicons-link-external-16:](https://docs.percona.com/pg-stat-monitor/index.html){.md-button}
## :material-file-key-outline: pg_tde -An open-source extension designed to enhance PostgreSQL’s security by encrypting data files on disk. The encryption is transparent for users, allowing them to access and manipulate data without managing encryption details. +An open-source extension designed to enhance PostgreSQL security by encrypting data files on disk. `pg_tde` protects data at rest by ensuring that database files cannot be read without the appropriate encryption keys. Encryption is transparent to applications and users at the SQL level, while key management is configured separately. -You can also use `pg_tde` to enforce encryption at the database level, ensuring that all newly created data is encrypted without requiring per-table changes. +[See the pg_tde documentation :octicons-link-external-16:](https://docs.percona.com/pg-tde/index.html){.md-button} -[For configuration details, see the pg_tde documentation. :octicons-link-external-16:](https://docs.percona.com/pg-tde/index.html){.md-button} +## :material-file-key-outline: pg_oidc_validator + +An **experimental** OAuth validator library for PostgreSQL 18 that validates OpenID Connect (OIDC) JWT access tokens. It integrates with PostgreSQL’s OAuth framework to verify tokens issued by compliant OIDC providers. + +**NOTE:** This library is still experimental and not intended for production use. + +[Check the pg_oidc_validator GitHub repository :octicons-link-external-16:](https://github.com/Percona-Lab/pg_oidc_validator){.md-button}
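Review bot: In the pg_tde section of docs/percona-ext.md (PATCH 2/6), the line "You can also use `pg_tde` to enforce encryption at the database level, ensuring that all newly created data is encrypted without requiring per-table changes." is deleted, yet the first commit message in this series gives that clarification as the reason for the PR. Either restore the sentence in reworded form or update the PR description to say where the database-level enforcement statement now lives. A smaller point on the same hunk: the new `pg_oidc_validator` heading reuses `:material-file-key-outline:`, the icon already used for pg_tde, so an authentication-related icon would keep the two entries distinguishable.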
From d4d625d78800fabbc691c1a69bf5f34aa17b6b99 Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Thu, 12 Feb 2026 12:52:18 +0200 Subject: [PATCH 3/6] Fix banner location on page --- docs/percona-ext.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/percona-ext.md b/docs/percona-ext.md index aff100e5c..f8e00a1f1 100644 --- a/docs/percona-ext.md +++ b/docs/percona-ext.md @@ -22,6 +22,10 @@ An open-source extension designed to enhance PostgreSQL security by encrypting d [See the pg_tde documentation :octicons-link-external-16:](https://docs.percona.com/pg-tde/index.html){.md-button} + + +
+ ## :material-file-key-outline: pg_oidc_validator An **experimental** OAuth validator library for PostgreSQL 18 that validates OpenID Connect (OIDC) JWT access tokens. It integrates with PostgreSQL’s OAuth framework to verify tokens issued by compliant OIDC providers. From 8ef777e1b1fb779f5232873bb9c44b7f931ea969 Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Thu, 12 Feb 2026 14:57:55 +0200 Subject: [PATCH 4/6] Update the PSP description for less marketing talk --- docs/postgresql-server.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/postgresql-server.md b/docs/postgresql-server.md index 716210b9e..10ae18272 100644 --- a/docs/postgresql-server.md +++ b/docs/postgresql-server.md 
@@ -2,10 +2,8 @@ Percona Server for PostgreSQL is a binary-compatible, open source drop-in replacement for PostgreSQL {{pgversion}}. It functions identically to upstream PostgreSQL, allowing you to [migrate](migration.md) seamlessly between the two. -It provides the foundation for additional capabilities, including data-at-rest encryption such as index-level and Write-Ahead Logging (WAL) encryption. +It provides a maintained build of PostgreSQL and serves as the foundation for additional capabilities delivered through Percona-authored extensions, such as [`pg_tde`](https://docs.percona.com/pg-tde/index.html), which enables data-at-rest encryption. -For more information on Percona Server for PostgreSQL extensions that enable such capabilities, see the [Percona-authored extensions topic](percona-ext.md). +For details about available extensions, see the [Percona-authored extensions topic](percona-ext.md). -For an overview of Percona Server for PostgreSQL solutions, such as high availability, backup and disaster recovery, spatial data handling, authentication, and data-at-rest encryption, see the [Percona Distribution for PostgreSQL solutions topic](solutions.md). - -[Get started :material-arrow-right:](installing.md){.md-button} +For a broader overview of integrated tooling and deployment guidance, start with the [Percona Distribution for PostgreSQL Quickstart guide](installing.md). From 571592d4c8585bfcfcf017e21a3d71fd30d05732 Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Thu, 12 Feb 2026 16:05:18 +0200 Subject: [PATCH 5/6] reworded and added back the server enhancements --- docs/postgresql-server.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/postgresql-server.md b/docs/postgresql-server.md index 10ae18272..3d9c346cf 100644 --- a/docs/postgresql-server.md +++ b/docs/postgresql-server.md 
@@ -2,7 +2,14 @@ Percona Server for PostgreSQL is a binary-compatible, open source drop-in replacement for PostgreSQL {{pgversion}}. It functions identically to upstream PostgreSQL, allowing you to [migrate](migration.md) seamlessly between the two. -It provides a maintained build of PostgreSQL and serves as the foundation for additional capabilities delivered through Percona-authored extensions, such as [`pg_tde`](https://docs.percona.com/pg-tde/index.html), which enables data-at-rest encryption. +In addition to upstream functionality, Percona Server includes enhancements that enable advanced extension capabilities. + +## Enhancements + +* Storage Manager (SMGR) API exposure, which allows PostgreSQL extensions to integrate custom storage managers. This change was inspired by the following [patchset :octicons-link-external-16:](https://www.postgresql.org/message-id/flat/CAJ7c6TOqqrzjYsU6LgDkcJ0yVgzdkx2juJjgAjzP2jPOpZ1qUA%40mail.gmail.com#8e68cfc57fcac14c8e24b00b41e61baf) introduced to the community. +* WAL Read/Write API exposure, which allows extensions to hook into WAL read and write operations. + +These enhancements serve as the foundation for Percona-authored extensions, such as [`pg_tde`](https://docs.percona.com/pg-tde/index.html), which enables data-at-rest encryption. For details about available extensions, see the [Percona-authored extensions topic](percona-ext.md). From 1e6ebeeefd9b2d359ba7a8a3e51e5b2dc8595302 Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Thu, 12 Feb 2026 16:06:19 +0200 Subject: [PATCH 6/6] remove the two server enhancements and move them to PSP topic --- docs/solutions.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/solutions.md b/docs/solutions.md index 83dbb70f7..0fcec063b 100644 --- a/docs/solutions.md +++ b/docs/solutions.md 
@@ -2,11 +2,6 @@ Find the right solution to help you achieve your organization's goals, such as high availability, backup and disaster recovery, spatial data handling, authentication, and [data-at-rest encryption :octicons-link-external-16:](https://docs.percona.com/pg-tde/index.html). -These solutions are enabled by additional capabilities that extend the upstream server, such as: - -* Storage Manager (SMGR) API exposure that allows PostgreSQL extensions to integrate custom storage managers. This change was inspired by the following [patchset :octicons-link-external-16:](https://www.postgresql.org/message-id/flat/CAJ7c6TOqqrzjYsU6LgDkcJ0yVgzdkx2juJjgAjzP2jPOpZ1qUA%40mail.gmail.com#8e68cfc57fcac14c8e24b00b41e61baf) introduced to the community. -* WAL Read/Write API exposure that allows extensions to hook into WAL read and write functions. - Explore the available solutions below:
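Review bot: In docs/postgresql-server.md (PATCH 4/6), the new closing line labels the link "Percona Distribution for PostgreSQL Quickstart guide" but points to `installing.md`, the same target the removed `[Get started :material-arrow-right:]` button used. Please confirm that `installing.md` is the Quickstart page; if it is the installation page, change the link text to match so readers land where the sentence says they will.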
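Review bot: In docs/postgresql-server.md (PATCH 5/6), the unchanged opening paragraph says the server "functions identically to upstream PostgreSQL" and the added line directly below says it "includes enhancements", with nothing to reconcile the two. The text removed in PATCH 1/6 did this with "These modifications have no impact on existing use cases and operation of PostgreSQL"; suggest bringing that sentence back after the two bullets under "## Enhancements". The added line also shortens the product name to "Percona Server", whereas the rest of the page uses "Percona Server for PostgreSQL", so use the full name for consistency.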