From 83c933a746d8326f5f392f4b077a92753f566054 Mon Sep 17 00:00:00 2001
From: Dragos Andriciuc <andriciucdragos@protonmail.com>
Date: Tue, 31 Mar 2026 10:39:45 +0300
Subject: [PATCH 1/2] Update the changing database default tablespace

Update the database default tablespace behavior description to include alter/set command

Previously the explanation was not quite helpful, as in the user can technically still use the command, previously we said it was not supported which is not true.
---
 documentation/docs/index/tde-limitations.md | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/documentation/docs/index/tde-limitations.md b/documentation/docs/index/tde-limitations.md
index 358ba58e..1296cc4d 100644
--- a/documentation/docs/index/tde-limitations.md
+++ b/documentation/docs/index/tde-limitations.md
@@ -49,16 +49,15 @@ Limitations of `pg_tde` {{release}}:
 
     The `pg_upgrade` tool does not properly handle the internal encryption keys used by `pg_tde`, which prevents the upgraded cluster from decrypting encrypted relations.
 
-## Changing the database default tablespace
+## `ALTER DATABASE ... SET TABLESPACE`
 
-!!! warning "Changing the database default tablespace is not supported with `pg_tde`"
-    Changing the default tablespace of a database is currently not supported when using `pg_tde`.
+!!! warning "Changing a database tablespace has limited support with `pg_tde`"
+    The `ALTER DATABASE ... SET TABLESPACE` command bypasses PostgreSQL's storage manager (SMGR), which `pg_tde` relies on to enforce encryption.
 
-    This operation bypasses PostgreSQL's storage manager (SMGR), which is not supported by `pg_tde`.
+    - If encrypted objects exist in the database's default tablespace, the operation is refused.
+    - If no encrypted objects are present in the default tablespace, the operation is allowed.
 
-    As a safeguard, `pg_tde` blocks the operation if encrypted objects are detected in the default tablespace.
-
-    Objects located outside the default tablespace are not affected by this command.
+    Only objects in the default tablespace are checked. Objects in other tablespaces are not affected by this validation.
 
 ## Currently unsupported WAL tools
 

From 2275a00ec7181056a8a36e963ebc7311697961fb Mon Sep 17 00:00:00 2001
From: Dragos Andriciuc <andriciucdragos@protonmail.com>
Date: Thu, 2 Apr 2026 17:09:32 +0300
Subject: [PATCH 2/2] Add workaround for user

Inform user they can use ALTER table to move tables individually.
---
 documentation/docs/index/tde-limitations.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/documentation/docs/index/tde-limitations.md b/documentation/docs/index/tde-limitations.md
index 1296cc4d..86222b2b 100644
--- a/documentation/docs/index/tde-limitations.md
+++ b/documentation/docs/index/tde-limitations.md
@@ -57,7 +57,9 @@ Limitations of `pg_tde` {{release}}:
     - If encrypted objects exist in the database's default tablespace, the operation is refused.
     - If no encrypted objects are present in the default tablespace, the operation is allowed.
 
-    Only objects in the default tablespace are checked. Objects in other tablespaces are not affected by this validation.
+    Only objects in the default tablespace are checked. Objects in other tablespaces are not evaluated by `pg_tde`.
+
+  To move encrypted tables individually, use `ALTER TABLE ... SET TABLESPACE`.
 
 ## Currently unsupported WAL tools