Skip to content
Percona Software for PostgreSQL Documentation

Rate this page
Thanks for your feedback
Thank you! The feedback has been submitted.

Get free database assistance or contact our experts for personalized support.

Get help from Percona

Technical reference overview

This section covers the internal components and tools that power pg_tde.

Use it to understand how encryption is implemented, fine-tune a configuration, leverage advanced CLI tools and functions for diagnostics and customization.

Usage reference

A description of the main pg_tde operations available, including configuring key providers, managing principal keys, setting permissions, and encrypting tables.

Follow the usage guide

Functions

Use built-in functions to manage key providers, create and rotate principal keys, and verify encryption status. Includes commands for Vault, KMIP, and local providers, plus utilities to inspect or validate keys.

Browse available functions

GUC Variables

Configure how pg_tde behaves with PostgreSQL. Control WAL encryption, enforce encryption for new tables, and manage global provider inheritance. Includes scope levels, defaults, and permission requirements.

Configure GUC variables

Streaming replication

Learn how to configure PostgreSQL streaming replication with pg_tde using the tde_heap access method. Covers primary and standby setup, key management requirements, and validation steps.

Set up replication with tde_heap