PostgreSQL extension that provides Transparent Data Encryption (TDE) to protect data at rest.
- Overview
- Documentation
- Percona Server for PostgreSQL
- Run in docker
- Set up pg_tde
- Downloads
- Additional functions
Transparent Data Encryption offers encryption at the file level and solves the problem of protecting data at rest. The encryption is transparent to users: they can access and manipulate the data without having to deal with the encryption process. The extension supports a keyring file and external Key Management Systems (KMS) through a Global Key Provider interface.
This access method:
- Works only with Percona Server for PostgreSQL 17
- Uses extended Storage Manager and WAL APIs
- Encrypts tuples, WAL and indexes
- Does not yet encrypt temporary files and statistics
For more information about pg_tde, see the official documentation.
Percona provides binary packages of the pg_tde extension only for Percona Server for PostgreSQL. Learn how to install them or build pg_tde from sources for PSPG in the documentation.
To run pg_tde in Docker, follow the instructions in the official pg_tde Docker documentation.
For details on the build process and developer setup, see Make Builds for Developers.
For more information on setting up and configuring pg_tde, see the official pg_tde setup topic.
The guide also includes instructions for:
- Installing and enabling the extension
- Setting up key providers
- Creating encrypted tables
To download the latest build of the main branch, use the HEAD release from releases.
Builds are available in tar.gz format, containing only the required files, and as a deb package. The deb package is built against the pgdg17 release, but this dependency is not yet enforced in the package.
Learn more about the helper functions available in pg_tde, including how to check table encryption status, in the Functions topic.