Slightly Saner Server-Side Symmetric Encryption in PostgreSQL


PostgreSQL PGCrypto Extension

Threat Model

  • use TLS encryption — even on internal networks
  • use a VLAN (if possible) or VPN
  • the database’s journal (aka the server’s hard disk). This must be protected against both attackers with access to a live system and attackers with access to backup media
  • the database client as it receives the data from the network.


  • user-defined types in C and/or PL/Java
  • accessing external key vaults such as Hashicorp Vault

Additional Resources

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Cybersecurity for Telehealth Providers in the COVID Era

CHIM Listing Issues Successfully Resolved And Explained

Announcing the Cryptonaut Holder Airdrop 🪂

{UPDATE} SHOOT ACTION Hack Free Resources Generator

Kazakhstan Shuts Down Crypto Mining Farms Till February

“Hacking” my Alarm System

Cloud Security Migration

Tech advice for older folk

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Bear Giles

Bear Giles

More from Medium

How to install PPTP on Ubuntu Server and CentOS Server.

How to simple run python3 thread in pyqt5 Qtimer

Easy Error Handling in aiohttp with aiohttp-catcher

Build RESTful APIs with python(Flask) and PostgreSQL