postgres/contrib/pg_tde
Dragos Andriciuc bbe1728be4
PG-1523 Rework uninstallation documentation cleanup (#490)
1 month ago
..
documentation PG-1523 Rework uninstallation documentation cleanup (#490) 1 month ago
expected Fix error message when deleting key providers 2 months ago
sql PG-1658 Remove server key when removing default key 2 months ago
src PG-1603 Make pg_basebackup work with encrypted WAL 1 month ago
t PG-1603 Make pg_basebackup work with encrypted WAL 1 month ago
.gitignore PG-1710 Create helpers for decrypting/encrypting archived WAL 1 month ago
CONTRIBUTING.md Moved pg_tde to contrib/pg_tde 8 months ago
Makefile PG-1813 Separate format for smgr and wal keyfiles 1 month ago
Makefile.tools PG-1813 Separate format for smgr and wal keyfiles 1 month ago
README.md README updates (#389) 3 months ago
SECURITY.md Moved pg_tde to contrib/pg_tde 8 months ago
code-of-conduct.md Moved pg_tde to contrib/pg_tde 8 months ago
kmip-server.conf CI update 1: percona server for postgresql basic build and test 8 months ago
meson.build Add missing test to meson build 1 month ago
pg_tde--1.0.sql Update postgres and pg_tde version numbers 3 months ago
pg_tde.conf Moved pg_tde to contrib/pg_tde 8 months ago
pg_tde.control Update postgres and pg_tde version numbers 3 months ago
pykmip-server.conf CI update 1: percona server for postgresql basic build and test 8 months ago

README.md


pg_tde: Transparent Database Encryption for PostgreSQL

This PostgreSQL extension provides data-at-rest encryption. It is currently in an experimental phase and is under active development. We need your feedback!

Table of Contents

  1. Overview
  2. Documentation
  3. Percona Server for PostgreSQL
  4. Run in Docker
  5. Set up pg_tde
  6. Downloads
  7. Additional functions

Overview

Transparent Data Encryption offers encryption at the file level and solves the problem of protecting data at rest. The encryption is transparent to users: they can access and manipulate the data without having to deal with the encryption process. The extension supports a keyring file and external Key Management Systems (KMS) through a Global Key Provider interface.

This extension provides the tde_heap access method.

This access method:

  • Works only with Percona Server for PostgreSQL 17
  • Uses extended Storage Manager and WAL APIs
  • Encrypts tuples, WAL and indexes
  • Does not yet encrypt temporary files or statistics

Documentation

For more information about pg_tde, see the official documentation.

Percona Server for PostgreSQL

Percona provides binary packages of the pg_tde extension only for Percona Server for PostgreSQL. Learn how to install them or build pg_tde from sources for PSPG in the documentation.

Run in Docker

To run pg_tde in Docker, follow the instructions in the official pg_tde Docker documentation.

For details on the build process and developer setup, see Make Builds for Developers.

Set up pg_tde

For more information on setting up and configuring pg_tde, see the official pg_tde setup topic.

The guide also includes instructions for:

  • Installing and enabling the extension
  • Setting up key providers
  • Creating encrypted tables

Downloads

To download the latest build of the main branch, use the HEAD release from releases.

Builds are available in a tar.gz format, containing only the required files, and as a deb package. The deb package is built against the pgdg17 release, but this dependency is not yet enforced in the package.

Additional functions

Learn more about the helper functions available in pg_tde, including how to check table encryption status, in the Functions topic.