Skip to content
Percona Documentation

Test Transparent Data Encryption

To check if the data is encrypted, do the following:

  1. Create a table in the database for which you have enabled pg_tde. Enabling pg_tde extension creates the table access method pg_tde. To enable data encryption, create the table using this access method as follows:

    CREATE TABLE <table_name> (<field> <datatype>) USING pg_tde;

    Hint

    You can enable data encryption by default by setting the default_table_access_method to pg_tde:

    SET default_table_access_method = pg_tde;

  2. Run the following function:

    SELECT pg_tde_is_encrypted('table_name');

    The function returns t if the table is encrypted and f - if not.

  3. Rotate the master key when needed:

    SELECT pg_tde_rotate_key(); -- uses automatic key versionin
-- or
SELECT pg_tde_rotate_key('new-master-key', NULL); -- specify new key name
-- or
SELECT pg_tde_rotate_key('new-master-key', 'new-provider'); -- change provider

Get expert help

If you need assistance, visit the community forum for comprehensive and free database knowledge, or contact our Percona Database Experts for professional support and services.

Community Forum Get a Percona Expert