https://github.com/percona/pg_tde
Transparent Data Encryption for PostgreSQL
https://github.com/percona/pg_tde
encryption percona pg postgresql tde transparent-data-encryption
Last synced: 9 days ago
JSON representation
Transparent Data Encryption for PostgreSQL
- Host: GitHub
- URL: https://github.com/percona/pg_tde
- Owner: percona
- License: other
- Created: 2023-07-12T09:41:27.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2026-02-24T10:15:20.000Z (16 days ago)
- Last Synced: 2026-02-24T15:50:03.649Z (16 days ago)
- Topics: encryption, percona, pg, postgresql, tde, transparent-data-encryption
- Language: C
- Homepage:
- Size: 31.2 MB
- Stars: 195
- Watchers: 8
- Forks: 34
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Code of conduct: code-of-conduct.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
- Copyright: COPYRIGHT
Awesome Lists containing this project
- awesome-repositories - percona/pg_tde - Transparent Data Encryption for PostgreSQL (C)
README
[](https://scorecard.dev/viewer/?uri=github.com/percona/pg_tde)
[](https://codecov.io/github/percona/pg_tde)
[](https://forums.percona.com/)
[](https://docs.percona.com/pg-tde/)
# pg_tde: Transparent Database Encryption for PostgreSQL
PostgreSQL extension that provides Transparent Data Encryption (TDE) to protect data at rest.
## Table of Contents
1. [Overview](#overview)
2. [Documentation](#documentation)
3. [Percona Server for PostgreSQL](#percona-server-for-postgresql)
4. [Run in docker](#run-in-docker)
5. [Set up pg_tde](#set-up-pg_tde)
6. [Downloads](#downloads)
7. [Additional functions](#additional-functions)
## Overview
Transparent Data Encryption offers encryption at the file level and solves the problem of protecting data at rest. The encryption is transparent for users allowing them to access and manipulate the data and not to worry about the encryption process. The extension supports [keyringfile and external Key Management Systems (KMS) through a Global Key Provider interface](../pg_tde/documentation/docs/global-key-provider-configuration/index.md).
### This extension provides the `tde_heap access method`
This access method:
- Works only with [Percona Server for PostgreSQL 17](https://docs.percona.com/postgresql/17/postgresql-server.html) or [Percona Server for PostgreSQL 18](https://docs.percona.com/postgresql/18/postgresql-server.html)
- Uses extended Storage Manager and WAL APIs
- Encrypts tuples, WAL and indexes
- It **does not** encrypt temporary files and statistics **yet**
## Documentation
For more information about `pg_tde`, [see the official documentation](https://docs.percona.com/pg-tde/index.html).
## Percona Server for PostgreSQL
Percona provides binary packages of `pg_tde` extension only for Percona Server for PostgreSQL. Learn how to install them or build `pg_tde` from sources for PSPG in the [documentation](https://docs.percona.com/pg-tde/install.html).
## Run in Docker
To run `pg_tde` in Docker, follow the instructions in the [official pg_tde Docker documentation](https://docs.percona.com/postgresql/17/docker.html#enable-encryption).
_For details on the build process and developer setup, see [Make Builds for Developers](https://github.com/percona/pg_tde/wiki/Make-builds-for-developers)._
## Set up pg_tde
For more information on setting up and configuring `pg_tde`, see the [official pg_tde setup topic](https://docs.percona.com/pg-tde/setup.html).
The guide also includes instructions for:
- Installing and enabling the extension
- Setting up key providers
- Creating encrypted tables
## Additional functions
Learn more about the helper functions available in `pg_tde`, including how to check table encryption status, in the [Functions topic](https://docs.percona.com/pg-tde/functions.html?h=pg_tde_is_encrypted#encryption-status-check).