Enabling Key Management Systems for TDE

When creating new clusters, you can enable Transparent Data Encryption (TDE) to encrypt the data stored in your databases.

To secure the data encryption key, you can either enter a passphrase of your choice, or bring your own key from a key management provider such as HashiCorp Vault or AWS Key Management Service.

Note

TDE is available for EDB Postgres Advanced Server and EDB Postgres Extended Server, version 15 and later.

First, ensure the Key Management System provider of your choice has been enabled in the values.yaml:

Then, configure your Key Management System provider:

KMS support

Learn about using KMS with PG AI Hybrid Manager.

HashiCorp Vault key

Learn about using a HashiCorp Vault key with PG AI Hybrid Manager.

AWS KMS

Learn about using AWS Key Management Service (KMS) with PG AI Hybrid Manager.

Google Cloud KMS

Learn about using Google Cloud Key Management (KMS) with PG AI Hybrid Manager.

Deleting a key

Learn how to delete a KMS key with PG AI Hybrid Manager.

