{"id":17276488,"url":"https://github.com/percona/pg_tde","last_synced_at":"2026-03-03T09:09:22.932Z","repository":{"id":183437127,"uuid":"665477773","full_name":"percona/pg_tde","owner":"percona","description":"Transparent Data Encryption for PostgreSQL","archived":false,"fork":false,"pushed_at":"2026-02-24T10:15:20.000Z","size":32685,"stargazers_count":195,"open_issues_count":6,"forks_count":34,"subscribers_count":8,"default_branch":"main","last_synced_at":"2026-02-24T15:50:03.649Z","etag":null,"topics":["encryption","percona","pg","postgresql","tde","transparent-data-encryption"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/percona.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":"COPYRIGHT","agents":null,"dco":null,"cla":null}},"created_at":"2023-07-12T09:41:27.000Z","updated_at":"2026-02-20T12:32:14.000Z","dependencies_parsed_at":null,"dependency_job_id":"766aaff4-3617-4bde-98e1-6f8e2b411352","html_url":"https://github.com/percona/pg_tde","commit_stats":null,"previous_names":["percona-lab/postgres-tde-ext","percona-lab/pg_tde","percona/pg_tde"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/percona/pg_tde","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/percona%2Fpg_tde","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/percona%2Fpg_tde/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/percona%2Fpg_tde/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/percona%2Fpg_tde/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/percona","download_url":"https://codeload.github.com/percona/pg_tde/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/percona%2Fpg_tde/sbom","scorecard":{"id":1238903,"data":{"date":"2025-09-29T03:38:31Z","repo":{"name":"github.com/percona/pg_tde","commit":"b182b92f6b7605e58cf8f42c2c65a295752c465f"},"scorecard":{"version":"v5.0.0","commit":"ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4"},"score":5.9,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disable on branch 'main'","Warn: 'stale review dismissal' is disable on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Warn: 'last push approval' is disable on branch 'main'","Warn: no status checks found to merge onto branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":8,"reason":"Found 18/22 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#code-review"}},{"name":"Contributors","score":10,"reason":"project has 5 contributing companies or organizations","details":["Info: typegrind contributor org/company found, percona contributor org/company found, Percona-Lab contributor org/company found, GolangShow contributor org/company found, microsoft contributor org/company found, "],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: :0"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#license"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#maintained"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker.yaml:14"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: containerImage not pinned by hash: docker/Dockerfile:1: pin your Docker image by updating postgres:16 to postgres:16@sha256:fd4208c8aadb92850e7e86a584fe8b1f2a6af8949feeb1ac8e12e72324573676","Warn: pipCommand not pinned by hash: .github/workflows/docs.yaml:39","Warn: pipCommand not pinned by hash: .github/workflows/docs.yaml:40","Warn: pipCommand not pinned by hash: .github/workflows/docs.yaml:41","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-16-ppg-package-pgxs.yml:35","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-16-ppg-package-pgxs.yml:86","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-16-src-make-ssl11.yml:35","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-16-src-make-ssl11.yml:84","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-16-src-make.yml:35","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-16-src-make.yml:84","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-16-src-meson.yml:36","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-16-src-meson.yml:70","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-17-src-make.yml:35","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-17-src-make.yml:84","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-17-src-meson-perf.yml:34","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-17-src-meson-perf.yml:64","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-17-src-meson.yml:36","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-17-src-meson.yml:66","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-pgdg-package-pgxs.yml:38","Warn: downloadThenRun not pinned by hash: .github/workflows/postgresql-pgdg-package-pgxs.yml:81","Info:  35 out of  35 GitHub-owned GitHubAction dependencies pinned","Info:   7 out of   7 third-party GitHubAction dependencies pinned","Info:   0 out of  16 downloadThenRun dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact latest not signed: https://api.github.com/repos/percona/pg_tde/releases/121666102","Warn: release artifact latest does not have provenance: https://api.github.com/repos/percona/pg_tde/releases/121666102"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/postgresql-16-ppg-package-pgxs.yml:14","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/postgresql-pgdg-package-pgxs.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/check.yaml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/docker.yaml:11","Warn: topLevel 'contents' permission set to 'write': .github/workflows/docs.yaml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/postgresql-16-ppg-package-pgxs.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/postgresql-16-src-make-ssl11.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/postgresql-16-src-make.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/postgresql-16-src-meson.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/postgresql-17-src-make.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/postgresql-17-src-meson-perf.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/postgresql-17-src-meson.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/postgresql-perf-results.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/postgresql-pgdg-package-pgxs.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:12"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-10-18T21:43:05.476Z","repository_id":183437127,"created_at":"2025-10-18T21:43:05.476Z","updated_at":"2025-10-18T21:43:05.476Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30038677,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T06:58:30.252Z","status":"ssl_error","status_checked_at":"2026-03-03T06:58:15.329Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","percona","pg","postgresql","tde","transparent-data-encryption"],"created_at":"2024-10-15T09:00:51.582Z","updated_at":"2026-03-03T09:09:22.918Z","avatar_url":"https://github.com/percona.png","language":"C","funding_links":[],"categories":["C"],"sub_categories":[],"readme":"[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/percona/pg_tde/badge)](https://scorecard.dev/viewer/?uri=github.com/percona/pg_tde)\n[![codecov](https://codecov.io/github/percona/postgres/graph/badge.svg?token=Wow78BMYdP)](https://codecov.io/github/percona/pg_tde)\n[![Forum](https://img.shields.io/badge/Forum-join-brightgreen)](https://forums.percona.com/)\n[![Docs](https://img.shields.io/badge/docs-pg_tde-blue)](https://docs.percona.com/pg-tde/)\n\n# pg_tde: Transparent Database Encryption for PostgreSQL\n\nPostgreSQL extension that provides Transparent Data Encryption (TDE) to protect data at rest.\n\n## Table of Contents\n\n1. [Overview](#overview)\n2. [Documentation](#documentation)\n3. [Percona Server for PostgreSQL](#percona-server-for-postgresql)\n4. [Run in docker](#run-in-docker)\n5. [Set up pg_tde](#set-up-pg_tde)\n6. [Downloads](#downloads)\n7. [Additional functions](#additional-functions)\n\n## Overview\n\nTransparent Data Encryption offers encryption at the file level and solves the problem of protecting data at rest. The encryption is transparent for users allowing them to access and manipulate the data and not to worry about the encryption process. The extension supports [keyringfile and external Key Management Systems (KMS) through a Global Key Provider interface](../pg_tde/documentation/docs/global-key-provider-configuration/index.md).\n\n### This extension provides the `tde_heap access method`\n\nThis access method:\n\n- Works only with [Percona Server for PostgreSQL 17](https://docs.percona.com/postgresql/17/postgresql-server.html) or [Percona Server for PostgreSQL 18](https://docs.percona.com/postgresql/18/postgresql-server.html)\n- Uses extended Storage Manager and WAL APIs\n- Encrypts tuples, WAL and indexes\n- It **does not** encrypt temporary files and statistics **yet**\n\n## Documentation\n\nFor more information about `pg_tde`, [see the official documentation](https://docs.percona.com/pg-tde/index.html).\n\n## Percona Server for PostgreSQL\n\nPercona provides binary packages of `pg_tde` extension only for Percona Server for PostgreSQL. Learn how to install them or build `pg_tde` from sources for PSPG in the [documentation](https://docs.percona.com/pg-tde/install.html).\n\n## Run in Docker\n\nTo run `pg_tde` in Docker, follow the instructions in the [official pg_tde Docker documentation](https://docs.percona.com/postgresql/17/docker.html#enable-encryption).\n\n_For details on the build process and developer setup, see [Make Builds for Developers](https://github.com/percona/pg_tde/wiki/Make-builds-for-developers)._\n\n## Set up pg_tde\n\nFor more information on setting up and configuring `pg_tde`, see the [official pg_tde setup topic](https://docs.percona.com/pg-tde/setup.html).\n\nThe guide also includes instructions for:\n\n- Installing and enabling the extension\n- Setting up key providers\n- Creating encrypted tables\n\n## Additional functions\n\nLearn more about the helper functions available in `pg_tde`, including how to check table encryption status, in the [Functions topic](https://docs.percona.com/pg-tde/functions.html?h=pg_tde_is_encrypted#encryption-status-check).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpercona%2Fpg_tde","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpercona%2Fpg_tde","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpercona%2Fpg_tde/lists"}