Project Security and TDE keys

The security settings page allows you to manage the security settings for your project. Specifically, it lets you add and delete TDE keys for your project.

Note

TDE (Transparent Data Encryption) uses keys which must be securely stored in the cloud. This requires that you have configured your own cloud account and have the necessary permissions to manage keys in that account. EDB Postgres AI does not store the keys you use for TDE.

You can add and delete TDE keys for your project in the EDB Postgres AI console.

Adding a TDE key

  1. From the Projects page, select an existing project.
  2. Go to Settings on the left-side navigation.
  3. From the Settings list, select Security.
  4. Select Add a key.
  5. On the Add a key page, select the Cloud Service Provider.
  6. Select the Region for the key. The interface only displays the regions available in the cloud account you configured.
  7. Complete the remaining fields according to your cloud provider.
  8. Select Add Key to finalize the configuration.

Note for GCP keys

If the key you added was created in a different Google Cloud Platform account than the TDE-enabled cluster you want to create, ensure you enable the Cloud KMS API in the Google console before assigning it to your cluster in EDB Postgres AI.

Now, use this TDE key to create a cluster.

For more information about TDE support, see Transparent Data Encryption.

Deleting a TDE key

  1. From the Projects page, select an existing project.

  2. Go to Settings on the left-side navigation.

  3. From the Settings list, select Security.

  4. Select a key and select the delete icon for the key you want to delete.

    You're prompted to type delete key name in the field.

  5. To delete the key, enter the text as instructed and select Yes, Delete key.

Note

A TDE key is deleted only when it isn't used and isn't associated with any cluster.
