pgcrypto Cryptographic Functions

A newer version of this documentation is available. Click here to view the most up-to-date release of the Greenplum 5.x documentation.

pgcrypto Cryptographic Functions

Greenplum Database is installed with an optional module of encryption/decryption functions called pgcrypto. The pgcrypto functions allow database administrators to store certain columns of data in encrypted form. This adds an extra layer of protection for sensitive data, as data stored in Greenplum Database in encrypted form cannot be read by anyone who does not have the encryption key, nor can it be read directly from the disks.

Note: The pgcrypto functions run inside the database server, which means that all the data and passwords move between pgcrypto and the client application in clear-text. For optimal security, consider also using SSL connections between the client and the Greenplum master server.
Before you can use pgcrypto functions, run the installation script $GPHOME/share/postgresql/contrib/pgcrypto.sql in each database where you want the ability to query other databases:
$ psql -d testdb -f $GPHOME/share/postgresql/contrib/pgcrypto.sql

See pgcrypto in the PostgreSQL documentation for more information about individual functions.