Encryption and Decryption
This tutorial will show you how to use encryption and decryption features in pgmoneta.
Preface
This tutorial assumes that you have an installation of PostgreSQL 13+ and pgmoneta.
See Install pgmoneta for more detail.
Enable Encryption and Decryption in pgmoneta workflow
By default, the encryption is disabled. To enable this feature, modify pgmoneta.conf:
encryption = aes-256-cbcencryption = aes-256-cbc(pgmoneta user)
Many encryption modes are supported, see Configuration for details.
Encryption and Decryption Commands
pgmoneta use the same key created by pgmoneta-admin master-key to encrypt and decrypt files.
Encrypt a file with pgmoneta-cli encrypt, the file will be encrypted in place and remove unencrypted file on success.
pgmoneta-cli -c pgmoneta.conf encrypt '<path-to-your-file>/file.tar.zstd'pgmoneta-cli -c pgmoneta.conf encrypt '<path-to-your-file>/file.tar.zstd'Decrypt a file with pgmoneta-cli decrypt, the file will be decrypted in place and remove encrypted file on success.
pgmoneta-cli -c pgmoneta.conf decrypt '<path-to-your-file>/file.tar.zstd.aes'pgmoneta-cli -c pgmoneta.conf decrypt '<path-to-your-file>/file.tar.zstd.aes'pgmoneta-cli encrypt and pgmoneta-cli decrypt are built to deal with files created by pgmoneta-cli archive. It can be used on other files though.