Functions provided by the Entrust PostgreSQL Extension

  1. open_session()

    open_session(access token file path) returns void

    open_session(access token) returns void

    The open_session() function creates a session. It reads the access token either from a file or directly as a parameter, then stores the token in the cache for subsequent use.

    For example:

    select open_session('file:///opt/hcs/etc/psql.conf');
  2. close_session()

    close_session() returns void

    The close_session() function is used to close a session. This function will remove the access token and keys from the cache.

    For example:

    select close_session();
  3. get_key()

    get_key(keyname) returns key handle (INTEGER)

    The get_key() function is used to fetch a key from the Cryptographic Security Platform Vault for Databases. It stores the key in the cache and returns the key handle.

    For example:

    select get_key('master-key1') as handle \gset
  4. encrypt_data(text, key_handle)

    encrypt_data(data TEXT, keyhandle INTEGER) returns TEXT

    The encrypt_data() function is used to encrypt the provided TEXT type data. It has two parameters: data and key_handle. The key_handle is returned by the get_key() function. It returns encrypted TEXT data.

    For example:

    insert into users (name, credit_card_details) values ('John', encrypt_data('my_details', :handle));
  5. decrypt_data()

    decrypt_data(encrypted_data TEXT) returns TEXT

    The decrypt_data() function is used to decrypt TEXT type data. It also verifies the integrity of the data during decryption. It returns decrypted TEXT data.

    For example:

    select name, decrypt_data(credit_card_details) from users;
  6. encrypt_data_bytea()

    encrypt_data_bytea(data BYTEA, keyhandle INTEGER) returns BYTEA

    The encrypt_data_bytea() function is used to encrypt the provided BYTEA type data. It has two parameters: data and key_handle. The key_handle is returned by the get_key() function. It returns encrypted BYTEA data.

    For example:

    insert into users (name, bytea_details) values ('John', encrypt_data_bytea(E'\\xDEADBEEF', :handle));
  7. decrypt_data_bytea()

    decrypt_data_bytea(encrypted_data BYTEA) returns BYTEA

    The decrypt_data_bytea() function is used to decrypt BYTEA data. It also verifies the integrity of the data during decryption. It returns decrypted BYTEA data.

    For example:

    select name, decrypt_data_bytea(bytea_details) from users;