Encryption at rest is an essential practice for protecting sensitive data. PostgreSQL on Ubuntu 22.04 offers several options for encrypting your database at rest. In this tutorial, we will explore how to encrypt a database in PostgreSQL on Ubuntu 22.04.
Make sure you have PostgreSQL installed on your Ubuntu 22.04 system. If you haven't already done so, you can install it with the following command:
sudo apt update
sudo apt install postgresql postgresql-contrib
PostgreSQL supports several filesystem-level or block-level encryption options. Filesystem-level encryption options include eCryptfs and EncFS, while for block-level or full disk encryption, options include dm-crypt + LUKS on Linux.
Filesystem Level Encryption with eCryptfs:
Install eCryptfs on your Ubuntu system with the following command:
sudo apt-get install ecryptfs-utils
Load the eCryptfs kernel module with the following command:
sudo modprobe ecryptfs
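Creating the Encrypted Directory:
eCryptfs is a stacked filesystem: it encrypts the files kept in a directory on an already mounted filesystem rather than a raw partition. Assuming the partition /dev/sdaX is already formatted and mounted at /mnt/pgcrypt (an example path), create the directory on it that will hold the encrypted files for your PostgreSQL database:
sudo mkdir -p /mnt/pgcrypt/lower
Mounting the Encrypted Directory:
Mount the eCryptfs layer on the desired mount point, for example /var/lib/postgresql. The mount command prompts for the passphrase and cipher options:
sudo mount -t ecryptfs /mnt/pgcrypt/lower /var/lib/postgresql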
Edit the PostgreSQL configuration file (postgresql.conf) to indicate the new location of the encrypted database:
sudo nano /etc/postgresql/XX/main/postgresql.conf
Update the data_directory line with the new path:
data_directory = '/var/lib/postgresql'
You have now successfully configured encryption of your PostgreSQL database at rest on Ubuntu 22.04. This will guarantee you greater security for your sensitive data, protecting it from unauthorized access. Be sure to test your setup in a secure environment before applying it in a production environment.
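One way to test the setup is to confirm that the directory named in data_directory is really backed by the eCryptfs mount and not by the plain filesystem underneath. The script below is an added example, not part of the original tutorial; its sample mount table is constructed, and the device names and the /mnt/pgcrypt/lower path in it are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original tutorial): confirm that a PostgreSQL
# data directory is backed by an eCryptfs mount, using /proc/mounts-format input.

# fs_type_for DIR [MOUNTS_FILE]
# Prints the filesystem type of the mount whose mount point is the longest
# path prefix of DIR. For mounts stacked on one mount point, the later line
# (the topmost mount) wins. Paths containing spaces are not handled.
fs_type_for() {
    dir=${1%/}
    [ -n "$dir" ] || dir=/
    mounts=${2:-/proc/mounts}
    awk -v dir="$dir" '
        {
            mp = $2
            # A mount point applies if it is "/", equals DIR, or is a
            # whole-component prefix of DIR (so /var/lib/postgresql does
            # not match /var/lib/postgresql-old).
            if (mp == "/" || dir == mp || index(dir, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); type = $3 }
            }
        }
        END { if (type == "") exit 1; print type }
    ' "$mounts"
}

# data_dir_on_ecryptfs DIR [MOUNTS_FILE]: succeeds only for an eCryptfs mount.
data_dir_on_ecryptfs() {
    [ "$(fs_type_for "$1" "${2:-}")" = "ecryptfs" ]
}

# Constructed sample mount table (hypothetical devices and lower directory).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /var ext4 rw,relatime 0 0
/mnt/pgcrypt/lower /var/lib/postgresql ecryptfs rw,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=32 0 0
EOF
}

# Stand-alone use: sh check.sh /var/lib/postgresql  (reads the live /proc/mounts)
if [ -n "${1:-}" ]; then
    if data_dir_on_ecryptfs "$1"; then
        echo "$1: backed by eCryptfs"
    else
        echo "$1: NOT on eCryptfs (found: $(fs_type_for "$1" || echo none))"
        exit 1
    fi
fi
```

Run it with the data_directory value as its argument after every reboot or remount: if the eCryptfs layer is not mounted, PostgreSQL would otherwise write unencrypted files into the underlying directory.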