postgres encryption at rest - ghdrako/doc_snipets GitHub Wiki

• https://stackoverflow.com/questions/45848457/postgresql-database-encryption-at-rest
• https://github.com/ghdrako/doc_snipets/wiki/postgres-crypto-sha256

Encryption can be done at 3 different layers (client-application, storage-device, data-base-itself).

Database encryption solution 1:

System disk encryption (cryptsetup/luks)... no modification are needed on the Postgres setup in this case. This also makes clog and textual log encrypted (at rest). If you are using a google cloud VM this guide may be useful.

Database encryption solution 2:

• https://github.com/percona/pg_tde
• https://www.percona.com/blog/adding-transparent-data-encryption-to-postgresql-with-pg_tde-please-test/

PostgreSQL TDE (transparent data encryption) this postgres feature implement transparent data encryption at rest for the whole database. an example is demonstrated here.

Database encryption solution 3:

Pgcrypto can be used to encrypt part of the database instead of a solution that would encrypt everything. an example is demonstrated here.

• https://www.postgresql.org/docs/current/static/encryption-options.html
• http://www.postgresonline.com/article_pfriendly/165.html

pgsodium