
PolarDB: Define sensitive data

Last Updated: Jun 12, 2024

To clearly distinguish sensitive data from regular data, an always-confidential database defines data types for sensitive data and provides frequently used SQL operators. For more information about the sensitive data types and the related SQL operators, see Capabilities.

Define data types for sensitive data

You must distinguish between sensitive data and regular data based on your business requirements. You must define the data types of sensitive data in table schemas.

The following example describes a table schema.

CREATE TABLE example ( 
  account integer,      -- The account that corresponds to plaintext data of the INTEGER type.
  name text,            -- The name that corresponds to plaintext data of the TEXT type.
  balance real,         -- The account balance that corresponds to plaintext data of the REAL type.
  credit real,          -- The credit line of the account that corresponds to plaintext data of the REAL type.
  quota real,           -- The plaintext column.
  address text,         -- The address that corresponds to plaintext data of the TEXT type.
  remark text,          -- The remarks.
  PRIMARY KEY (account) -- Specifies that the account column is used as the primary key.
);

In the preceding table schema, account, name, balance, credit, and address are sensitive data fields that are defined based on business requirements. The following example shows the same table schema in an always-confidential database, with the sensitive data fields declared with the data types for sensitive data:

CREATE TABLE example ( 
  account enc_int4,         -- The account that corresponds to plaintext data of the INTEGER type.
  name enc_text,            -- The name that corresponds to plaintext data of the TEXT type.
  balance enc_float4,       -- The account balance that corresponds to plaintext data of the REAL type.
  credit enc_float4,        -- The credit line of the account that corresponds to plaintext data of the REAL type.
  quota real,               -- The plaintext column.
  address enc_text,         -- The address that corresponds to plaintext data of the TEXT type.
  remark text,              -- The remarks.
  PRIMARY KEY (account)     -- Specifies that the account column is used as the primary key.
);
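
The following check is an added example, not part of the PolarDB documentation or product: it parses a CREATE TABLE statement and reports columns classified as sensitive that are not declared with a sensitive data type. It assumes that sensitive data types are recognizable by the enc_ prefix seen in the schema above, and it suggests a target type only for the three type pairs shown on this page; the function names and the sample schema are constructed for illustration.

```python
import re

# Plaintext -> sensitive type pairs, taken only from the two schemas on this page.
ENC_TYPE = {"integer": "enc_int4", "text": "enc_text", "real": "enc_float4"}
NOT_COLUMNS = {"PRIMARY", "CONSTRAINT", "UNIQUE", "FOREIGN", "CHECK"}

def parse_columns(ddl):
    """Return {column: declared_type} from a simple CREATE TABLE statement."""
    ddl = re.sub(r"--[^\n]*", "", ddl)                # drop SQL line comments
    body = ddl[ddl.index("(") + 1 : ddl.rindex(")")]  # text between outer parentheses
    cols = {}
    for item in re.split(r",(?![^()]*\))", body):     # split on top-level commas only
        parts = item.split()
        if len(parts) < 2 or parts[0].upper() in NOT_COLUMNS:
            continue                                  # table constraint, not a column
        cols[parts[0].lower()] = parts[1].lower()
    return cols

def audit(ddl, sensitive):
    """Return (column, declared_type, suggested_type) for each sensitive column
    that is absent or not declared with an enc_* type (assumed naming rule)."""
    cols = parse_columns(ddl)
    findings = []
    for name in sensitive:
        declared = cols.get(name)
        if declared is None:
            findings.append((name, "<not in table>", None))
        elif not declared.startswith("enc_"):
            findings.append((name, declared, ENC_TYPE.get(declared)))
    return findings

# Constructed sample: a partially migrated copy of the example table.
SAMPLE_DDL = """
CREATE TABLE example (
  account enc_int4,
  name enc_text,
  balance real,        -- still plaintext
  credit enc_float4,
  quota real,
  address text,        -- still plaintext
  remark text,
  PRIMARY KEY (account)
);
"""
SENSITIVE = ["account", "name", "balance", "credit", "address"]

if __name__ == "__main__":
    for col, declared, wanted in audit(SAMPLE_DDL, SENSITIVE):
        print(f"{col}: declared as {declared}, expected {wanted or 'an enc_* type'}")
```
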

Convert existing regular data to sensitive data

You can execute the ALTER TABLE statement on an existing table to convert regular data in plaintext in the table to sensitive data in ciphertext. For more information, see Convert data between plaintext and ciphertext.

What to do next

After you define sensitive data, you can use the always-confidential database feature from a client. For more information, see Use the always-confidential database feature from a client.