Problem:

The client reported that they had deployed a billing system for one of their customers, which uses PostgreSQL 15 within a high availability cluster managed by Patroni. As the system entered production, the customer requested that sensitive data within the database tables (such as names, addresses, phone numbers, and card information) be encrypted or masked. The client emphasized the need to continue deployments in production and expressed openness to using PostgreSQL-native tools or third-party applications to achieve this.

Process:

The expert reviewed the requirements and outlined the key objectives:

  • Encrypt or mask sensitive data in production.
  • Ensure data security at rest and during use.
  • Control access based on roles.
  • Use PostgreSQL-native or third-party tools depending on suitability.

Based on this, the expert proposed a dual-strategy approach, including both native PostgreSQL features and optional third-party tools.

Solution:

1. PostgreSQL Native Options

Column-Level Encryption using pgcrypto
  • Data is encrypted at the field level with the pgcrypto extension.
  • Example SQL commands were provided for both encryption and decryption.
  • Pros: Native integration, no external dependencies.
  • Cons: Requires query-level code changes; manual key management.
Data Masking via Role-Based Views
  • Custom views that display either cleartext or masked values depending on user roles.
  • Pros: Easy to implement, leverages PostgreSQL’s access control.
  • Cons: Does not provide true encryption; relies on access restrictions.

2. Third-Party Tools (Optional Enhancements)

  • Enterprise tools such as Thales, Protegrity for more advanced encryption, masking, audit logging, and policy enforcement.
  • Open-source tool PgMask, which provides dynamic masking using a proxy approach and config-driven rules.

Best Practice Recommendations and Action Plan

  • Enable pgcrypto and encrypt critical fields.
  • Create masked views for non-privileged users.
  • Restrict direct table access with appropriate privileges.
  • Store encryption keys securely outside the database (e.g., with Vault).
  • Implement audit logging (e.g., using pgAudit).
  • Define and document roles, masking rules, and key management procedures.

Conclusion:

The solution effectively addresses the client’s request for securing sensitive data in production by balancing native PostgreSQL capabilities with potential third-party enhancements. It allows flexibility in access control, ensures compliance with data protection requirements, and minimizes disruption to ongoing deployments. This hybrid approach is ideal because it leverages PostgreSQL’s built-in tools for fast implementation while leaving room for enterprise-level scalability and security if needed.