You can verify which tablespaces are encrypted using pgx_tablespaces system view. The following command will show the encryption algorithm applied to each tablespace.
Example below shows that a tablespace ‘secure_tablespace‘ is encrypted using AES256, while tablespaces ‘pg_default’ and ‘pg_global’ with the value of ‘none’ for the column ‘spcencalgo’ are not encrypted. The other possible value is AES128.
postgres=# SELECT spcname, spcencalgo FROM pg_tablespace ts, pgx_tablespaces tsx WHERE ts.oid = tsx.spctablespace;
spcname | spcencalgo -------------------+------------ pg_default | none pg_global | none secure_tablespace | AES256 (3 rows)
Product: Fujitsu Enterprise Postgres AE
Versions: from 9.5
Architecture: X86, S390x, ppc64le
Operating System: Linux
Encryption using Transparent Data Encryption (TDE) feature is applied at the tablespace level. This means that data such as tables and indexes created in the specified tablespace, the WAL, backup files, and archive logs will be automatically encrypted.
The data and index in the encrypted tablespace along with the associated WAL files can be backed up by taking a physical backup using the pgx_dmpall or pg_basebackup command. It is important to back up the keystore.ks file so that encrypted data can be restored with a keystore and passphrase. If there is any tablespace which is not encrypted, then it is backed up as unencrypted.
Note that a logical backup taken by pg_dump, pg_dumpall, or COPY command is not encrypted. This is because a logical backup is taken through SQL interface (like a client executing any other select statement), so encrypted data are decrypted before writing to a backup file.
Product: Fujitsu Enterprise Postgres AE
Versions: from 9.5
Architecture: X86, S390x, ppc64le
Operating System: Linux
If you want to mask the first 12 digits of a credit card number, you can apply Partial masking.
There are 3 different types of Data Masking supported that can be applied using masking policies, which include:
postgres=# SELECT * from emp;
id | name | creditcard_num ----+------------+--------------------- 1 | John Smith | ****-****-****-3433 2 | Adam Brown | ****-****-****-8209
You can specify whether or not to apply a masking policy using a function. If the result of the function is true, masking will be applied, and if not then it is not applied. Also, this gives the flexibility to selectively mask data to specific users.
Product: Fujitsu Enterprise Postgres AE
Versions: from 9.5
Architecture: X86, S390x, ppc64le
Operating System: Linux
Read our most recent articles regarding all aspects of PostgreSQL and FUJITSU Enterprise Postgres.