The following table lists the functions that can be used for transparent data encryption.

Name | Return type | Description |
---|---|---|
pgx_open_keystore(passphrase) | void | Opens the keystore |
pgx_set_master_key(passphrase) | void | Sets the master encryption key |
pgx_set_keystore_passphrase(oldPassphrase, newPassphrase) | void | Changes the keystore passphrase |

The pgx_open_keystore function uses the specified passphrase to open the keystore. When the keystore is opened, the master encryption key is loaded into the database server memory, which allows you to access the encrypted data and create encrypted tablespaces. If the keystore is already open, this function returns an error.
Only superusers can execute this function. Also, this function cannot be executed within a transaction block.
The pgx_set_master_key function generates a master encryption key and stores it in the keystore. If the keystore does not exist, this function creates a keystore. If the keystore already exists, this function modifies the master encryption key. If the keystore has not been opened, this function opens it.
The passphrase is a string of 8 to 200 bytes.
Only superusers can execute this function. Also, this function cannot be executed within a transaction block. Processing is not affected by whether the keystore is open.
The pgx_set_keystore_passphrase function changes the keystore passphrase. Specify the current passphrase in oldPassphrase, and a new passphrase in newPassphrase.
The passphrase is a string of 8 to 200 bytes.
Only superusers can execute this function. Also, this function cannot be executed within a transaction block. Processing is not affected by whether the keystore is open.
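The following client-side helper is an added example, not code from the product documentation. It checks the 8 to 200 byte passphrase limit before calling pgx_set_keystore_passphrase and runs the call in autocommit mode, because the function cannot be executed within a transaction block. The names `passphrase_ok` and `change_keystore_passphrase` are hypothetical, and the code assumes a psycopg2-style superuser connection and a UTF-8 client encoding.

```python
MIN_BYTES, MAX_BYTES = 8, 200  # passphrase limits stated on this page


def passphrase_ok(passphrase, encoding="utf-8"):
    """Return True if the passphrase is 8 to 200 bytes once encoded.

    The limit is in bytes, so multi-byte characters count more than once.
    Assumption: the passphrase reaches the server as UTF-8.
    """
    return MIN_BYTES <= len(passphrase.encode(encoding)) <= MAX_BYTES


def change_keystore_passphrase(conn, old, new):
    """Call pgx_set_keystore_passphrase outside a transaction block.

    Assumption: conn is a psycopg2-style superuser connection that has an
    `autocommit` attribute and context-manager cursors.
    """
    for label, value in (("old", old), ("new", new)):
        if not passphrase_ok(value):
            raise ValueError(f"{label} passphrase must be 8 to 200 bytes")
    previous = conn.autocommit
    conn.autocommit = True  # the function cannot run in a transaction block
    try:
        with conn.cursor() as cur:
            # Bind parameters: passphrases are never spliced into SQL text.
            cur.execute("SELECT pgx_set_keystore_passphrase(%s, %s)", (old, new))
    finally:
        conn.autocommit = previous


if __name__ == "__main__":
    # Constructed sample values, not real passphrases.
    for sample in ("short", "longer-sample", "é" * 5, "é" * 101):
        size = len(sample.encode("utf-8"))
        print(f"{len(sample):3d} chars {size:3d} bytes ok={passphrase_ok(sample)}")
```

A passphrase of 101 two-byte characters is rejected even though it is well under 200 characters, which is the case a character-count check would miss.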