Encrypt geometry data in postgres - postgresql

I have a column with geometry data in postgres DB with postGIS enabled.Please help me with a way to encrypt/decrypt that column.
postgresql.org/docs/9.4/static/datatype-geometric.html - the column that i have can contain any of the geometry types. I need a way to encrypt the data while writing to the DB and way to decrypt it while reading the same data back
Thanks in advance

There are several options:
PostgreSQL encryption
This can be done on many levels:
Encryption For Specific Columns
Data Partition Encryption
Encrypting Data Across A Network
etc.
Source
Application-level encryption
Encryption:
application: has geometric data into intermediary format (e.g. JSON)
application: encrypts intermediary format into binary data
application: persists binary data to database
Decryption:
application: reads binary data from database
application: decrypts binary data into intermediary format
application: now has usable geometric data

Related

postgresql encrypt with symmetric key and rolling it

i want to encrypt data inside a table in postgresql, i may encrypt a few column or all column data in that table.
if i do query directly from sql client (DBeaver, Adminer) then i can retrieve the column value but it's not readable (because it's encrypted)
if my application (web apps) query the table data, it will show the readable data. web apps have the correct key to decrypt.
Question :
assuming i encrypt using a symmetric key (pgcrypto), how can i regularly rotate the symmetric key ?
can i implemented above case at AWS ?

Is it possible to import a third party's symmetric key into SQL Server

A third-party sends us a large CSV, an export from their (non-SQL Server) database. Several encrypted columns from their database were exported to CSV without being decrypted first. Separately, they sent us the symmetric key which they used to encrypt those columns of data.
We can decrypt those columns of data using a .NET program and the AesManaged classes before we import it into SQL Server; but is it possible to skip that step and decrypt those columns of data using T-SQL with their symmetric key after the data has been imported? Are there any decryption utilities in SQL Server that accept an AES_256 key as a parameter?

How to encrypt data in Tableau?

I'm trying to understand if there is a default encrypt/decrypt functions available in Tableau in any version(14/15/18).
Can we create customized function to encrypt/decrypt data?
As of version 2018, Tableau doesn't come with any Encrypt/Decrypt functions.
Here is a screenshot of all available type of functions in Tableau.
Some of the database drivers for Tableau allow you to specify an encrypted connection to the database (so the data is encrypted in transit). Some of the same databases can store data in encrypted form(so the data is encrypted at rest).
These features vary depending on the functionality of the data source.
So if you are talking to a text file, you don’t have encryption options, but most of the major databases do to a degree — maybe with SSL in transit. You can set up a virtual private database with Oracle for instance.
You asked about a function for encrypting data. Tableau doesn’t have a specific function beyond what I’ve described above, but you can also use the SCRIPT_STR() function and its cousins to call functions in R, Python or Matlab - so you can call an external encryption function if desired.

How can I encrypt just a single table data in redshift database

How can I encrypt just a single table data in redshift database?
I see that encryption is a cluster level setting. But I need to encrypt just 1 table and not all the tables of the database.
I have user personal information in the table that I want to encrypt.
No. As you say, encryption is a cluster-level setting.
You could encrypt the data in the table yourself, but this makes it hard to write useful SQL queries.

PostgreSQL: Encrypt Column With pgcrypto

I need to encrypt some columns in a PostgreSQL 9.6 database. The data being encrypted is inherently sensitive; however, the data are not passwords or other authentication credentials. This data will need to be decrypted for statistical analysis and consumption by users.
After reading several questions and answers:
Storing encrypted data in Postgres
https://dba.stackexchange.com/questions/24370/how-to-use-aes-encryption-in-postgresql
https://dba.stackexchange.com/questions/59942/secure-postgresql-database-encryption
... and considering these comments:
... it seems the biggest problem with using the pgcrypto module is the storage of keys in the same database.
This begs the question:
Is it consistent with best practices to store the key in a different database and access it via a foreign data wrapper, such as Postgresql_FDW?
Secret storage is a common issue when using crypto mecanisms.
pgcrypto does not povide key storage, you are free to store the key where you want and protect it as you can.
Storing the key in another database, if managed by the same DBA does not provide much security as DBA may access it the same way.
Ideally, you would store the key in a secure vault and request it from your application in order to construct the queries. It will still be visible from DBA while the request is running through select * from pg_stat_activity.
You may set the key for a SQL session wide use through set session my.vars.cryptokey = 'secret'; then use it into your queries with the following syntax : current_setting('my.vars.cryptokey')::text
To be (almost) transparent from the application point of view, PostgreSQL rules may help for translating secure_column to the call to decrypt function with the session stored key. For inserting, a pre-insert trigger would be required.