Test Transparent Data Encryption¶
To check if the data is encrypted, do the following:
-
Create a table in the database for which you have enabled
pg_tde
. Enablingpg_tde
extension creates the table access methodpg_tde
. To enable data encryption, create the table using this access method as follows:CREATE TABLE <table_name> (<field> <datatype>) USING pg_tde;
Hint
You can enable data encryption by default by setting the
default_table_access_method
topg_tde
:SET default_table_access_method = pg_tde;
-
Run the following function:
SELECT pg_tde_is_encrypted('table_name');
The function returns
t
if the table is encrypted andf
- if not. -
Rotate the master key when needed:
SELECT pg_tde_rotate_key(); -- uses automatic key versionin -- or SELECT pg_tde_rotate_key('new-master-key', NULL); -- specify new key name -- or SELECT pg_tde_rotate_key('new-master-key', 'new-provider'); -- change provider
Get expert help¶
If you need assistance, visit the community forum for comprehensive and free database knowledge, or contact our Percona Database Experts for professional support and services.