Tech Preview release of pg_tde now available

As organizations collect, store, and analyze vast amounts of data, ensuring its confidentiality and integrity becomes a top priority. For PostgreSQL users, the availability of the tech preview release of the new encryption extension pg_tde delivers unmatched protection for vital data assets.

What is pg_tde?

pg_tde, developed by Percona, is an open source extension designed to provide transparent data encryption capabilities for PostgreSQL databases. Unlike traditional encryption methods that require significant changes to database schemas and applications, pg_tde seamlessly integrates with PostgreSQL, encrypting data at the table level without disrupting existing workflows.

Key features and benefits

  • Encryption of heap tables, including TOAST.
  • Storage of encryption keys in either a HashiCorp Vault server or a local keyring file (primarily for development purposes).
  • Configurable key storage through separate JSON configuration files.
  • Replication support.
  • Enhanced security through the ability to rotate master keys used for data encryption, reducing the risk of long-term exposure to potential attacks and aiding compliance with security standards like GDPR, HIPAA, and PCI DSS.

In addition, users can now tailor encryption settings differently for each database. For instance, selected databases can be encrypted with a distinct encryption key, while others remain non-encrypted.

Significant improvements have been made to keyring configuration, including:

  • The capability to define separate keyring configurations for individual databases.
  • Dynamic modification of keyring configurations without the need for server restarts.
  • Storage of keyring configurations in catalogs specific to each database rather than in a single configuration file.
  • Enhanced security measures, such as avoiding the storage of secrets in unencrypted catalogs by configuring keyring parameters to be sourced from external locations such as files or HTTP(S) requests.

Getting started with pg_tde

Getting started with pg_tde is straightforward, thanks to comprehensive documentation and user-friendly installation procedures. The pg_tde GitHub repository provides detailed instructions for building and installing the extension, as well as examples and usage guidelines to help users deploy pg_tde effectively.

To install pg_tde, users can clone the repository, build the extension using the provided Makefile, and install it into their PostgreSQL environment, or simply download the packages provided in our testing repositories. We offer pre-built RPM and DEB packages. Once installed, users can begin encrypting their data using simple SQL commands, with no need to make significant changes to their existing applications or queries.

Looking ahead

The release of pg_tde represents a significant achievement in PostgreSQL security, offering users a robust and transparent encryption solution that is efficient and easy to use. As organizations face changing security threats and regulatory requirements, tools like pg_tde will play a crucial role in safeguarding sensitive data and maintaining compliance.

In the coming months, Percona plans to refine and enhance pg_tde based on feedback from the community, including adding index encryption.

pg_tde for PostgreSQL database security

With the release of pg_tde, Percona has reached the first milestone for enhanced data security in PostgreSQL environments. 

Visit the official GitHub repository to learn more about pg_tde and download the tech preview release. Also, please join the conversation in the community forums or GitHub discussions.

Percona Distribution for PostgreSQL provides the best and most critical enterprise components from the open-source community in a single distribution, designed and tested to work together. Run PostgreSQL in your production and mission-critical environments and easily deploy and orchestrate reliable PostgreSQL in Kubernetes.

 
