The fully encrypted database feature is integrated with ApsaraDB RDS for PostgreSQL by default. However, you must complete some configurations before you use the feature. This topic describes how to enable the fully encrypted database feature.
Procedure
Create an ApsaraDB RDS for PostgreSQL instance and purchase an instance type that supports the fully encrypted database feature for the RDS instance. For more information, see Create an ApsaraDB RDS for PostgreSQL instance and Instance types for primary ApsaraDB RDS for PostgreSQL instances. The following mappings between fully encrypted databases and instance types must be met:
Fully encrypted database (hardware-enhanced edition): RDS instances that use Intel SGX-based security-enhanced instance types
Fully encrypted database (basic edition): RDS instances that use other instance types
NoteThe minor engine version of the RDS instance must be 20230830 or later.
Serverless RDS instances are not supported.
Economy RDS instances are not supported.
Create a privileged account that has the extension installation permissions for the RDS instance. For more information, see Create an account.
Create a database on the RDS instance. For more information, see Create a database.
After the database is connected by using the privileged account, execute the following SQL statement to install the extension that provides the fully encrypted database feature and enable the feature:
NoteFor more information about how to connect to an RDS instance, see Connect to an ApsaraDB RDS for PostgreSQL instance.
-- Install the EncDB extension. CREATE EXTENSION encdb;
What to do next
Before you use the fully encrypted database feature, you must define sensitive data based on your business requirements. For more information, see Define sensitive data.