Creating a database with TDE
Create a new EDB Postgres Advanced Server cluster with TDE enabled.
- Set the environment variables to export the `wrap` and `unwrap` commands for encryption.
- Initialize a server with encryption enabled.
- Start the database server.
- Verify TDE is enabled.
Worked example
This example uses EDB Postgres Advanced Server 16 running on a Linux platform. It uses OpenSSL to define the passphrase to wrap and unwrap the generated data encryption key.
Set the data encryption key (wrap) and decryption (unwrap) environment variables:
Note
- If you're on Windows, you don't need the single quotes around the variable value.
Initialize the cluster using `initdb` with encryption enabled. This command sets the `data_encryption_key_unwrap_command` parameter in the `postgresql.conf` file.
Start the cluster:
Run grep on `postgresql.conf` to verify the setting of `data_encryption_key_unwrap_command`:
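The four steps above as one script, added here as an example and not taken from EDB's documentation. The function names, the passphrase file and the cipher options are assumptions, and the binary and data directories are passed in as arguments. `tde_check` goes beyond the grep step by also flagging a passphrase embedded in the unwrap command, since that command is written to `postgresql.conf`.

```shell
#!/bin/sh
# Added example. Paths, passfile and cipher options are assumptions
# (-pbkdf2 needs OpenSSL 1.1.1 or later).

# Steps 1-3. Args: EPAS bin dir, new data dir, file holding the passphrase.
create_tde_cluster() {
    bindir=$1; datadir=$2; passfile=$3
    # The server substitutes %p with the path of the wrapped key file.
    # Wrap reads the key on stdin; unwrap writes it to stdout.
    # -pass file: keeps the passphrase itself out of postgresql.conf.
    export PGDATAKEYWRAPCMD="openssl enc -e -aes-256-cbc -pbkdf2 -pass file:$passfile -out %p"
    export PGDATAKEYUNWRAPCMD="openssl enc -d -aes-256-cbc -pbkdf2 -pass file:$passfile -in %p"
    "$bindir/initdb" --data-encryption -D "$datadir" || return 1
    "$bindir/pg_ctl" -D "$datadir" start
}

# Step 4. Print the active unwrap command from a postgresql.conf.
# Assumes the  name = 'value'  form; the last uncommented entry wins.
tde_unwrap_setting() {
    sed -n "s/^[[:space:]]*data_encryption_key_unwrap_command[[:space:]]*=[[:space:]]*'\(.*\)'.*/\1/p" "$1" | tail -n 1
}

# Exit status: 0 = set, 1 = not set (TDE not configured),
# 2 = set but the passphrase is embedded in the command (-pass pass:...).
tde_check() {
    cmd=$(tde_unwrap_setting "$1")
    [ -n "$cmd" ] || { echo "no unwrap command in $1" >&2; return 1; }
    case $cmd in
        *"-pass pass:"*) echo "passphrase stored in $1" >&2; return 2 ;;
    esac
    printf '%s\n' "$cmd"
}

# Typical use (placeholders, not run here):
#   create_tde_cluster "$BINDIR" "$DATADIR" /path/to/passfile
#   tde_check "$DATADIR/postgresql.conf"
```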