open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
280 Commits
38 Branches
662 Tags
732 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 6774c1ef9c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6774c1ef9c'
${ noResults }
postgres/documentation/docs/test.md

71 lines
2.5 KiB
Raw Blame History

# Test Transparent Data Encryption
To check if the data is encrypted, do the following:
=== "pg_tde Beta"
1. Create a table in the database for which you have [enabled `pg_tde`](setup.md). Enabling `pg_tde` extension creates the table access method `tde_heap_basic`. To enable data encryption, create the table using this access method as follows:
```sql
CREATE TABLE <table_name> (<field> <datatype>) USING tde_heap_basic;
```
!!! hint
You can enable data encryption by default by setting the `default_table_access_method` to `tde_heap_basic`:
```sql
SET default_table_access_method = tde_heap_basic;
```
2. Run the following function:
```sql
SELECT pg_tde_is_encrypted('table_name');
```
The function returns `t` if the table is encrypted and `f` - if not.
3. Rotate the principal key when needed:
```sql
SELECT pg_tde_rotate_principal_key(); -- uses automatic key versionin
-- or
SELECT pg_tde_rotate_principal_key('new-principal-key', NULL); -- specify new key name
-- or
SELECT pg_tde_rotate_principal_key('new-principal-key', 'new-provider'); -- change provider
```
=== "pg_tde Tech preview"
!!! warning
This is the tech preview functionality. Its scope is not yet finalized and can change anytime. Use it only for testing purposes.
1. Create a table in the database for which you have [enabled `pg_tde`](setup.md). Enabling `pg_tde` extension creates the table access method `tde_heap`. To enable data encryption, create the table using this access method as follows:
```sql
CREATE TABLE <table_name> (<field> <datatype>) USING tde_heap;
```
2. Run the following function:
```sql
SELECT pg_tde_is_encrypted('table_name');
```
The function returns `t` if the table is encrypted and `f` - if not.
3. Rotate the principal key when needed:
```sql
SELECT pg_tde_rotate_principal_key(); -- uses automatic key versionin
-- or
SELECT pg_tde_rotate_principal_key('new-principal-key', NULL); -- specify new key name
-- or
SELECT pg_tde_rotate_principal_key('new-principal-key', 'new-provider'); -- change provider
```
!!! hint
If you no longer wish to use `pg_tde` or wish to switch to using the `tde_heap_basic` access method, see how you can [decrypt your data](decrypt.md).