Hello, I was wondering if the pg_tde encryption extension is available in container images for the cluster version. If so, is the installation/config documentation the same as the Linux setup?
And one more question, if I manage to use it in Kubernetes, are database dumps of encrypted tables and data importable to clusters without pg_tde configured?
What I mean is will I be able to restore the data from the db dump if I lose the vault token/enc key?
I’ll try all of this now on my test cluster, but if you have the info I need, please share.
Following extension install docs, I did the following on the fresh pg cluster:
- Add pg_tde to shared_preload_libraries.
  ALTER SYSTEM SET shared_preload_libraries = 'pg_tde';
- Start or restart the postgresql instance to enable pg_tde.
I paused and unpaused the cluster (not sure how to restart it any other way…), and now I have this error:
2025-01-27 13:26:09,627 INFO: Lock owner: ; I am pg-cluster-pg-db-instance1-5zff-0
2025-01-27 13:26:09,628 INFO: starting as a secondary
2025-01-27 13:26:10.433 UTC [2215] FATAL: could not access file "pg_tde": No such file or directory
2025-01-27 13:26:10.433 UTC [2215] LOG: database system is shut down
2025-01-27 13:26:10,483 INFO: postmaster pid=2215
Does this mean there is no tde support in kubernetes version? Image for pg pod is:
percona/percona-postgresql-operator:2.5.0-ppg16.4-postgres
Hi,
… tde support in kubernetes version?
I’ve passed on the question to get you an “official” answer from the pg_tde development team. All I can tell you right now is that it is going to happen soon.
Hope this helps
Follow up,
It is there already, and will come with the v2.6.0 release
Hope this helps
@Robert_Bernier thank you very much! I’ll report my tests here when it becomes available, for others who are interested in encryption with Postgres operator