Ok I thought that was the whole point of things like Intel TDX , AMD SEV and various enclave mechanisms which provide full ram encryption and attestation ?
The only issue left would be managed services though, which then I wouldn’t use, but I’d be able to run my own postgre safely on infra I’m renting.
Supposedly, yes, but in a world that was caught flat footed with RowHammer, Spectre, and Meltdown; if I wouldn't trust those with a lot of other people's lives within a shared Cloud environment.
Intel's SGX has been broken a number of times and that should be harder to break than TDX. Like I said in my original comment though, do all the things. But if you find yourself relying on TDX to protect live(s), please pay a computer security professional to audit your security and do a threat assessment.
I’ll do all the things if ever needed, but I get that if a cloud act request happens , your cloud provider will be able to get your stuff.
I’m specialized enough in another field to know that I’m not a security person in spite of my interest in it ( I used to enjoy reverse engineering back in the days ) - I wouldn’t make that kind of decision without consulting a professional first.
The only issue left would be managed services though, which then I wouldn’t use, but I’d be able to run my own postgre safely on infra I’m renting.