Configure Key Management (KMS)
In production environments, storing encryption keys locally on the PostgreSQL server can introduce security risks. To enhance security, pg_tde supports integration with external Key Management Systems (KMS) through a Global Key Provider interface.
This section describes how you can configure pg_tde to use the local and external key providers.
To use an external KMS with pg_tde, follow these two steps:
- Configure a Key Provider
- Set the Global Principal Key
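The two steps above, carried out from a psql session, as an added example that is not part of the pg_tde documentation. It registers a keyring-file provider (suitable only for testing) beside a HashiCorp Vault provider (the production choice), then loads the global principal key from the Vault provider. The function names, argument order, the provider names, the keyring path, the Vault URL and mount path are assumptions based on the pg_tde 2.x API and must be confirmed against the provider-specific pages linked below; the Vault token is a placeholder.

```sql
-- Added example, not from the pg_tde docs. Function names and argument order are
-- assumed from the pg_tde 2.x API; confirm them against the linked provider pages.

CREATE EXTENSION IF NOT EXISTS pg_tde;

-- Step 1a (testing only): a keyring-file provider.
-- The principal key material lives on the database host, so anyone with read
-- access to that file on the server also holds the key. Not for production.
SELECT pg_tde_add_global_key_provider_file(
         'file-test-provider',               -- provider name (assumed)
         '/var/lib/pg_tde/keyring.per');     -- assumed path; readable only by the postgres OS user

-- Step 1b (production): a Vault KV v2 provider.
-- Key material stays inside the KMS and is fetched when needed, so a copy of the
-- data directory alone does not expose it. Every argument here is an assumption
-- or a placeholder; never commit a real token into a script.
SELECT pg_tde_add_global_key_provider_vault_v2(
         'vault-prod-provider',                  -- provider name (assumed)
         '<VAULT_TOKEN_PLACEHOLDER>',            -- placeholder; inject from a secrets pipeline at run time
         'https://vault.example.internal:8200',  -- assumed Vault URL (HTTPS so the token is not sent in clear)
         'secret',                               -- assumed KV v2 mount path
         '/etc/ssl/certs/vault-ca.pem');         -- CA bundle so the TLS connection to Vault is verified

-- Step 2: create (or load, if it already exists) the global principal key from
-- the production provider. Switching to 'file-test-provider' here is what the
-- Note on this page advises against outside local or testing environments.
SELECT pg_tde_set_key_using_global_key_provider(
         'principal-key-v1',          -- key name (assumed)
         'vault-prod-provider');      -- provider registered in Step 1b

-- Check: list the registered global providers so the wrong (file) provider is
-- not left active in production by mistake. Function name assumed.
SELECT * FROM pg_tde_list_all_global_key_providers();
```

The design point the split makes visible: with the file provider the key and the encrypted data share a host, so the encryption protects against little more than a lost disk; with the Vault provider the key is released by a separate, audited system, and the PostgreSQL host is only granted a token that can be revoked independently of the database.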
Note
While keyfiles may be acceptable for local or testing environments, KMS integration is the recommended approach for production deployments.
Select your preferred configuration from the links below:
- KMIP Configuration
- Vault Configuration
- Keyring File Configuration (not recommended)