PG_TDE in a everest deployment

Hello,

As it is explained in https://www.percona.com/blog/encrypt-postgresql-data-at-rest-on-kubernetes/ it is possible to configure pg_tde using the kubernetes operator. Does anyone know if it is also possible to configure it for a deployment which is managed by https://www.percona.com/software/percona-everest? If so, how would I go about that?

Thanks!

After diving deeper into the documentation, I guess I need to run the following commands. I’ll see how it goes.

ALTER SYSTEM SET shared_preload_libraries = 'pg_tde';

# Reboot the postgres instances

CREATE EXTENSION pg_tde;

At least in my setup it doesn’t work, giving me.

using server 17.4 - Percona Server for PostgreSQL 17.4.1 (newest version possible with everest)

postgres=# CREATE EXTENSION pg_tde;
ERROR:  pgaudit must be loaded via shared_preload_librarie

Setting these parameter in the database engine config did the trick

shared_preload_libraries = ‘pgaudit, pg_tde’

Hi @masterix !

Congratulations on getting pg_tde working with your setup!

Was the documentation helpful in getting this configured? Do you have any feedback or suggestions on how we could make it clearer for deployments managed by Everest? (apart from the great info already delivered)

Thank you!

I think my confusion was mostly caused by the different documentations and I remember that it changed quite a bit from a few months ago. I wasn’t quite sure, that pg_tde was already shipped with the postgres version I selected in the setup, but it says it on nearly every page, except 1. Install pg_tde - Percona Transparent Data Encryption for PostgreSQL , were I found myself stuck for a while.

Tho I must say, to make it more obvious, it would help if in the page mentioned above would also include the percona kubernetes operator / everest, just like the docker one.

Thank you @masterix! We will definitely add multiple installation setups, your help was greatly appreciated!

Have a nice day!