Test Transparent Data Encryption¶
To check if the data is encrypted, do the following:
-
Create a table in the database for which you have enabled
pg_tde
. Enablingpg_tde
extension creates the table access methodtde_heap_basic
. To enable data encryption, create the table using this access method as follows:CREATE TABLE <table_name> (<field> <datatype>) USING tde_heap_basic;
Hint
You can enable data encryption by default by setting the
default_table_access_method
totde_heap_basic
:SET default_table_access_method = tde_heap_basic;
-
Run the following function:
SELECT pg_tde_is_encrypted('table_name');
The function returns
t
if the table is encrypted andf
- if not. -
Rotate the principal key when needed:
SELECT pg_tde_rotate_principal_key(); -- uses automatic key versionin -- or SELECT pg_tde_rotate_principal_key('new-principal-key', NULL); -- specify new key name -- or SELECT pg_tde_rotate_principal_key('new-principal-key', 'new-provider'); -- change provider
Get expert help¶
If you need assistance, visit the community forum for comprehensive and free database knowledge, or contact our Percona Database Experts for professional support and services.