Reputation: 330
I have a table and I want to encrypt a few columns of it using the pgcrypto functions of PostgreSQL. Let's say I want to use pgp_sym_encrypt( 'sample_name', 'someKey' , [options]).
I need suggestions on how and where to store the 'someKey'. I understand that the KMS feature is not straightforward (probably not yet fully implemented in PG-12), but storing the 'someKey' in the code is not desirable, nor is storing it in some other database/servers.
I was hoping I could generate a random key to encrypt the data, but I also need to decrypt it while fetching. Any suggestions on this, please?
I am exploring options in the learning phase now.
Upvotes: 1
Views: 432
Reputation: 330
The approach that I am considering:
We have Azure Key Vault storage, and we can store the 'key' in the Azure KV. From the application level, we can pass the 'key' to the functions as a parameter. And we can use functions like pgp_sym_encrypt or pgp_sym_decrypt (for symmetric encryption/decryption), using that parameter.
There is no need to store the key in the DB itself.
Any suggestions are appreciated.
Upvotes: 1
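The approach described in the post above, sketched as an added example that is not part of the original thread: the key is supplied as a statement parameter on each call and is never written to a table. The table, column and statement names and the key value are hypothetical; in an application the driver's bind parameters take the place of the EXECUTE literals.

```sql
-- Added example; customer, name_enc, put_customer and get_customer are
-- hypothetical names, and the key value below is constructed for the demo.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE customer (
    id       bigserial PRIMARY KEY,
    name_enc bytea NOT NULL          -- pgp_sym_encrypt() returns bytea
);

-- $1 = plaintext, $2 = key the application fetched from its key vault.
PREPARE put_customer(text, text) AS
    INSERT INTO customer (name_enc)
    VALUES (pgp_sym_encrypt($1, $2, 'cipher-algo=aes256'))
    RETURNING id;

-- $1 = row id, $2 = the same key; pgp_sym_decrypt() returns text.
PREPARE get_customer(bigint, text) AS
    SELECT pgp_sym_decrypt(name_enc, $2) AS name
    FROM customer
    WHERE id = $1;

-- Round trip from psql. Literals are used here only so the demo is
-- self-contained; application code binds both values as parameters.
EXECUTE put_customer('sample_name', 'constructed-demo-key');
EXECUTE get_customer(1, 'constructed-demo-key');

-- The stored column holds only the OpenPGP message, not the key.
SELECT id, length(name_enc) AS ciphertext_bytes FROM customer;

-- Decrypting with a different key fails with an error instead of
-- returning data.
-- EXECUTE get_customer(1, 'some-other-key');
```

pgcrypto runs inside the database server, so the key and the plaintext still reach the server on every call: use a TLS connection, and check that statement logging does not record the parameter values.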