percona · Andriciuc · Mar 31, 2026 · Apr 2, 2026 · jeltz · Apr 3, 2026
@@ -49,16 +49,17 @@ Limitations of `pg_tde` {{release}}:
 
     The `pg_upgrade` tool does not properly handle the internal encryption keys used by `pg_tde`, which prevents the upgraded cluster from decrypting encrypted relations.
 
-## Changing the database default tablespace
+## `ALTER DATABASE ... SET TABLESPACE`
 
-!!! warning "Changing the database default tablespace is not supported with `pg_tde`"
-    Changing the default tablespace of a database is currently not supported when using `pg_tde`.
+!!! warning "Changing a database tablespace has limited support with `pg_tde`"
+    The `ALTER DATABASE ... SET TABLESPACE` command bypasses PostgreSQL's storage manager (SMGR), which `pg_tde` relies on to enforce encryption.
 
-    This operation bypasses PostgreSQL's storage manager (SMGR), which is not supported by `pg_tde`.
+    - If encrypted objects exist in the database's default tablespace, the operation is refused.
+    - If no encrypted objects are present in the default tablespace, the operation is allowed.
 
-    As a safeguard, `pg_tde` blocks the operation if encrypted objects are detected in the default tablespace.
+    Only objects in the default tablespace are checked. Objects in other tablespaces are not evaluated by `pg_tde`.
 
-    Objects located outside the default tablespace are not affected by this command.
+  To move encrypted tables individually, use `ALTER TABLE ... SET TABLESPACE`.
 
 ## Currently unsupported WAL tools