Encrypting Data in Greenplum

posted Sep 12, 2012, 11:32 AM by Sachchida Ojha
PostgreSQL provides an optional package of encryption/decryption functions called pgcrypto, which can also be installed and used in Greenplum Database. The pgcrypto package is not installed by default with Greenplum Database, however Greenplum can provide a platform-specific build of pgcrypto upon request. Contact Greenplum Customer Support to obtain a build of pgcrypto and its supporting documentation.

The pgcrypto functions allow database administrators to store certain columns of data in encrypted form. This adds an extra layer of protection for sensitive data, as data stored in Greenplum Database in encrypted form cannot be read by users who do not have the encryption key, nor be read directly from the disks.

It is important to note that the pgcrypto functions run inside database server. That means that all the data and passwords move between pgcrypto and the client application in clear-text. For optimal security, consider also using SSL connections between the client and the Greenplum master server.