Percona Brings Transparent Data Encryption To Postgres

At KubeCon+CloudNativeCon North America past week, premium database work supplier Percona demonstrated its caller exertion for encrypting information astatine remainder connected PostgreSQL database systems.

With nan Transparent Data Encryption (TDE) hold (called pg_tde) for Percona for PostgreSQL, organizations tin encrypt their delicate information wrong their Postgres databases.

Addressing nan Market Need for Open Source PostgreSQL TDE

“There was a spread successful nan marketplace for at-rest information encryption for Postgres: We had a bunch of financial customers and willing financial users who had to bargain this feature,” explained Blair Rampling, successful a KubeCon boothside question and reply pinch TNS. “But they didn’t want that vendor lock-in. They wanted nan unfastened root version.”

TDE is “transparent” successful that nan encryption is invisible to nan personification and nan schema. Data is entered and queried arsenic per usual. Those snooping astir nan server without due credentials, however, will spot only nan encrypted data, arsenic it tin only beryllium unlocked done an on-board decryption engine. All nan celebrated cardinal guidance services are supported.

The overhead of encrypting and decrypting information is minimal.

The hold comes arsenic portion of nan Percona’s ain distribution for PostgreSQL, and is besides recognized and supported by nan company’s  managed services, and consulting services. No further licensing costs are needed to usage nan extension.

It is not disposable astatine this clip for different versions of Postgres, nan institution whitethorn grow it for its vanilla Postgres itself astatine immoderate point, pending organization support, Rampling said.

Compliance Benefits With PostgreSQL Data Encryption

Such encryption will besides thief them meet strict compliance requirements specified arsenic GDPR, HIPAA, SOX, and PCI DSS v4.0. In specified cases, it takes attraction of nan requirements wherever encrypting information astatine nan retention furniture that Postgres itself uses is not sufficient.

According to Percona, different benefits include:

• Open Source and Production-Ready: Get nan only unfastened root TDE solution for PostgreSQL fresh for accumulation — nary gated features, licenses, subscriptions, aliases closed source.
• Stronger Data Protection: Encrypt each database files connected disk, ensuring delicate accusation remains unafraid moreover if retention is compromised.
• Granular, User-Controlled Encryption: Gain eventual elasticity pinch multi-tenant support and nan expertise to encrypt astatine nan array level, utilizing unsocial keys for each database. You clasp afloat power complete your encryption strategy, choosing precisely what to protect without being forced into cluster-wide encryption.
• Seamless Integration: Deploy TDE without immoderate changes to your exertion code. Modernize and unafraid your back-end without disrupting business operations.
• Centralized Key Management: Streamline cardinal lifecycle guidance pinch integrations to starring Key Management Services (KMS) providers specified arsenic Hashicorp, Thales, Fortanix, and OpenBao, making it easier to enforce information policies and negociate encryption keys securely.
• Effortless Online Encryption and Key Management: Integrate encryption seamlessly by simply adding a caller hold and performing online encryption. Enjoy nan convenience of online cardinal rotation, ensuring continuous information protection pinch minimal operational overhead.
• Trusted Support and Services: Strengthen PostgreSQL information pinch 24/7 Support and Services for deployment and ongoing management.

Percona specializes successful offering premium (and distributions) for unfastened root database systems. In summation to Postgres, nan institution besides supports MySQL and MongoDB. It is besides a supporting of nan emerging Valkey, a fork of nan Redis information cache.

Group Created pinch Sketch.