Using HashiCorp KMS

Configuration example

Enable transit with HashiCorp Vault Transit Secrets Engine:

vault secrets enable transit

Create a key and give it a name:

vault write -f transit/keys/pg-tde-master-1

Use the vault write command with the pg-tde-master-1 key to wrap and unwrap the data encryption key:

PGDATAKEYWRAPCMD='base64 | vault write -field=ciphertext transit/encrypt/pg-tde-master-1 plaintext=- > "%p"'
PGDATAKEYUNWRAPCMD='vault write -field=plaintext transit/decrypt/pg-tde-master-1 ciphertext=- < "%p" | base64 -d'

On this page
Configuration example

← Prev

Using Google Cloud KMS

↑ Up

Using a key store

Using Thales KMS

Using HashiCorp KMS

Configuration example

← Prev

↑ Up

Next →