Introduction
Encryption at Rest is an essential practice to ensure the security of sensitive data. PostgreSQL on Ubuntu 22.04 offers several options for encrypting your database at rest. In this tutorial, we will explore how to encrypt a database in PostgreSQL on Ubuntu 22.04.
Initial configuration
Installing PostgreSQL:
Make sure you have PostgreSQL installed on your Ubuntu 22.04 system. If you haven't already done so, you can install it with the following command:
sudo apt update
sudo apt install postgresql postgresql-contrib
Encryption Options
PostgreSQL data can be encrypted at the filesystem level or at the block level. Filesystem-level options include eCryptfs and EncFS; for block-level or full-disk encryption, the option on Linux is dm-crypt + LUKS.
Filesystem Level Encryption with eCryptfs:
Install eCryptfs on your Ubuntu system with the following command:
sudo apt-get install ecryptfs-utils
Encryption Setup:
Load the eCryptfs kernel module with the following command:
sudo modprobe ecryptfs
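Preparing the Encrypted Directory:
eCryptfs is a stacked filesystem: it encrypts the files stored in a directory on an existing filesystem, not a block device. To keep your PostgreSQL database on a dedicated partition, mount that partition at a directory that will hold the encrypted files. Assuming the partition is /dev/sdaX and already carries a filesystem, and using /mnt/pgdata_encrypted as an example directory name, the commands are:
sudo mkdir -p /mnt/pgdata_encrypted
sudo mount /dev/sdaX /mnt/pgdata_encrypted
Mounting the Encrypted Directory:
Mount eCryptfs over that directory at the desired mount point, for example /var/lib/postgresql. The mount command prompts for the passphrase and the cipher options:
sudo mount -t ecryptfs /mnt/pgdata_encrypted /var/lib/postgresql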
PostgreSQL Configuration:
Edit the PostgreSQL configuration file (postgresql.conf) to indicate the new location of the encrypted database, replacing XX with your installed PostgreSQL version:
sudo nano /etc/postgresql/XX/main/postgresql.conf
Edit the data_directory line with the new path:
data_directory = '/var/lib/postgresql'
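A check worth running before starting PostgreSQL, added here as an example that is not part of the original tutorial: it reads data_directory from postgresql.conf and confirms from /proc/mounts that the path sits on an eCryptfs mount, so the server is never started on the unencrypted underlying directory when the mount is missing. The function names are assumptions, and mount points containing spaces (escaped as \040 in /proc/mounts) are not handled.

```bash
#!/bin/sh
# Added example: verify that PostgreSQL's data_directory is on an eCryptfs mount.

# Print the data_directory value from a postgresql.conf-style file ($1).
# Commented-out lines are ignored; the last active assignment wins.
pg_data_directory() {
    sed -n "s/^[[:space:]]*data_directory[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | tail -n 1
}

# Print the filesystem type of the mount containing path $1, read from a
# /proc/mounts-format file ($2). The longest matching mount point wins, and
# a later mount on the same mount point overrides an earlier one.
fs_type_for_path() {
    awk -v p="$1" '
        {
            mp = $2
            # Match when the mount point is the path itself or a parent of it.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); type = $3 }
            }
        }
        END { print type }
    ' "$2"
}

# Return 0 only when the configured data directory is on eCryptfs.
# $1 = postgresql.conf path, $2 = mounts file (defaults to /proc/mounts).
check_pgdata_encrypted() {
    conf="$1"
    mounts="${2:-/proc/mounts}"
    dir=$(pg_data_directory "$conf")
    if [ -z "$dir" ]; then
        echo "data_directory is not set in $conf" >&2
        return 2
    fi
    fstype=$(fs_type_for_path "$dir" "$mounts")
    if [ "$fstype" = "ecryptfs" ]; then
        echo "OK: $dir is on eCryptfs"
    else
        echo "FAIL: $dir is on '$fstype', not eCryptfs" >&2
        return 1
    fi
}

# Run the check when a configuration file is given on the command line.
[ "$#" -eq 0 ] || check_pgdata_encrypted "$@"
```

Run it with the path to postgresql.conf as the only argument; a non-zero exit status means PostgreSQL should not be started.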
Conclusions
You have now configured encryption at rest for your PostgreSQL database on Ubuntu 22.04. This gives your sensitive data greater protection against unauthorized access. Be sure to test your setup in a secure environment before applying it in production.