Configuring the EDB PostgreSQL Server for Encryption

  1. Log in as the EDB user: 

    su - enterprisedb
  2. Export the variables required for wrapping and unwrapping the EDB Data Encryption Key.

    export PGDATAKEYWRAPCMD='/opt/hcs/bin/htkey encrypt --config-file <config-file-path> --key-name <key-name> --out-file "%p"'
    export PGDATAKEYUNWRAPCMD='/opt/hcs/bin/htkey decrypt --config-file <config-file-path> --in-file "%p"'

    Where: 

  3. Enable encryption: 

    /usr/lib/edb-as/16/bin/initdb -D /var/lib/edb-as/16/main --data-encryption

    Where -D refers to the data directory. This directory should be empty.

  4. Start the server: 

    /usr/lib/edb-as/16/bin/pg_ctl start -D /var/lib/edb-as/16/main
  5. Verify that encryption is enabled: 

    select data_encryption_version from pg_control_init();
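
A round-trip check for the wrap and unwrap commands exported in step 2, useful before running initdb in step 3, since a key that cannot be unwrapped leaves the server unable to start. This is an added example, not EDB or vendor code; the function name `roundtrip_check` is hypothetical, and it assumes the wrap command reads the key on stdin and writes the wrapped key to the file named by %p, while the unwrap command reads %p and writes the key to stdout.

```shell
#!/bin/sh
# Added example (not EDB or vendor code): round-trip test for the key
# wrap/unwrap commands. Assumption: the wrap command reads the key on stdin
# and writes the wrapped key to the file named by %p; the unwrap command
# reads %p and writes the key to stdout.

# roundtrip_check WRAPCMD UNWRAPCMD
# Returns 0 on success, 2 for a template without %p, 3 if wrapping failed,
# 4 if the wrapped file holds the key in the clear, 5 if unwrapping did not
# return the original key.
roundtrip_check() {
    rc_wrap=$1 rc_unwrap=$2
    for rc_c in "$rc_wrap" "$rc_unwrap"; do
        case $rc_c in
            *%p*) ;;
            *) echo "no %p placeholder in: $rc_c" >&2; return 2 ;;
        esac
    done
    rc_dir=$(mktemp -d) || return 1          # 0700 directory for the probe
    rc_file=$rc_dir/probe.wrapped
    # Constructed 128-bit probe value standing in for the data encryption key.
    rc_probe=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    rc_status=0
    # Substitute the probe path for %p in both command templates.
    rc_w=$(printf '%s' "$rc_wrap" | sed "s|%p|$rc_file|g")
    rc_u=$(printf '%s' "$rc_unwrap" | sed "s|%p|$rc_file|g")
    if ! printf '%s' "$rc_probe" | sh -c "$rc_w" || [ ! -s "$rc_file" ]; then
        echo "wrap command failed or wrote nothing" >&2; rc_status=3
    elif grep -qF "$rc_probe" "$rc_file"; then
        echo "wrapped file contains the key in the clear" >&2; rc_status=4
    elif [ "$(sh -c "$rc_u")" != "$rc_probe" ]; then
        echo "unwrap did not return the original key" >&2; rc_status=5
    fi
    rm -rf "$rc_dir"
    return $rc_status
}

# Usage, with the variables from step 2 exported:
#   roundtrip_check "$PGDATAKEYWRAPCMD" "$PGDATAKEYUNWRAPCMD" && echo OK
```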