Coming To PostgreSQL: On-Disk Database Encryption

Transparent Data Encryption (TDE) is a popular approach to encrypting data at the storage layer, beefing up database security. While PostgreSQL has steadily climbed in popularity – especially among professional developers – it has so far lacked this enterprise feature, at least in open source.

So claims Percona, an open source database support and services company, which has sought to rectify the situation with its Transparent Data Encryption (TDE) extension for Percona for PostgreSQL.

Currently, the pg_tde extension is part of the open source Percona Distribution for PostgreSQL. It is compatible with PostgreSQL, available under the OSI-approved PostgreSQL License, and managed by the PostgreSQL Global Development Group.

Percona was working toward including the extension in the main PostgreSQL distribution soon, CTO Liz Warner told The Register.

“We’ve done some work, so it’s available right now in Percona Server for PostgreSQL,” she said. “It’s not available in upstream vanilla PostgreSQL because that will take some collaboration with the community. We have to make some foundational changes, but we’re doing the work for that. A piece of it is already in review. Ultimately, we want the TDE to be fully available to the community.”

Percona said it would help customers comply with policies and regulations that require encryption, such as Europe’s General Data Protection Regulation (GDPR), which requires organizations to implement appropriate security measures where storage encryption alone is no longer sufficient to protect personal data at rest.

EDB, a PostgreSQL support and service provider, also provides TDE, although its extension is only available in its licensed EDB Postgres Advanced Server and EDB Postgres Extended Server with the EDB Standard Plan.

“With the launch of TDE for PostgreSQL, Percona is leveling the playing field – giving every business access to enterprise-grade data-at-rest protection without licensing fees or restrictions,” Warner said.

The TDE extension would encrypt all database files on disk, ensuring sensitive information remains secure even if storage is compromised, Percona said. It also offers centralized key management with integrations to leading Key Management Services (KMS) providers such as HashiCorp, Thales, Fortanix, and OpenBao.

