pgcryptokey

cryptographic key management

Overview

Package	Version	Category	License	Language
`pgcryptokey`	`0.85`	SEC	PostgreSQL	C

ID	Extension	Bin	Lib	Load	Create	Trust	Reloc	Schema
7320	`pgcryptokey`	No	Yes	No	Yes	No	Yes	-

Related	`pgcrypto` `pgsodium` `pgsmcrypto` `pg_tde` `faker` `passwordcheck_cracklib` `supautils` `supabase_vault`

missing 14 on el pgdg repo

Version

Type	Repo	Version	PG Ver	Package	Deps
EXT	MIXED	`0.85`	1817161514	`pgcryptokey`	`pgcrypto`
RPM	PIGSTY	`0.85`	1817161514	`pgcryptokey_$v`	-
DEB	PIGSTY	`0.85`	1817161514	`postgresql-$v-pgcryptokey`	-

OS / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PIGSTY 0.85 el8.x86_64.pg18 : pgcryptokey_18 pgcryptokey_18-0.85-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el8.x86_64.pg17 : pgcryptokey_17 pgcryptokey_17-0.85-6PGDG.rhel8.x86_64.rpm PGDG · 0.85 · 18.1KiB pgcryptokey_17-0.85-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el8.x86_64.pg16 : pgcryptokey_16 pgcryptokey_16-0.85-5PGDG.rhel8.x86_64.rpm PGDG · 0.85 · 18.0KiB pgcryptokey_16-0.85-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el8.x86_64.pg15 : pgcryptokey_15 pgcryptokey_15-0.85-3.rhel8.x86_64.rpm PGDG · 0.85 · 22.4KiB pgcryptokey_15-0.85-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el8.x86_64.pg14 : pgcryptokey_14 pgcryptokey_14-0.85-3.rhel8.x86_64.rpm PGDG · 0.85 · 22.6KiB pgcryptokey_14-0.85-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.85 · 16.8KiB
el8.aarch64	PIGSTY 0.85 el8.aarch64.pg18 : pgcryptokey_18 pgcryptokey_18-0.85-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.85 · 17.1KiB	PGDG 0.85 el8.aarch64.pg17 : pgcryptokey_17 pgcryptokey_17-0.85-6PGDG.rhel8.aarch64.rpm PGDG · 0.85 · 18.2KiB pgcryptokey_17-0.85-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.85 · 17.1KiB	PGDG 0.85 el8.aarch64.pg16 : pgcryptokey_16 pgcryptokey_16-0.85-5PGDG.rhel8.aarch64.rpm PGDG · 0.85 · 18.1KiB pgcryptokey_16-0.85-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.85 · 17.1KiB	PGDG 0.85 el8.aarch64.pg15 : pgcryptokey_15 pgcryptokey_15-0.85-3.rhel8.aarch64.rpm PGDG · 0.85 · 22.4KiB pgcryptokey_15-0.85-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.85 · 17.1KiB	PGDG 0.85 el8.aarch64.pg14 : pgcryptokey_14 pgcryptokey_14-0.85-3.rhel8.aarch64.rpm PGDG · 0.85 · 22.4KiB pgcryptokey_14-0.85-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.85 · 17.1KiB
el9.x86_64	PIGSTY 0.85 el9.x86_64.pg18 : pgcryptokey_18 pgcryptokey_18-0.85-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el9.x86_64.pg17 : pgcryptokey_17 pgcryptokey_17-0.85-6PGDG.rhel9.x86_64.rpm PGDG · 0.85 · 17.5KiB pgcryptokey_17-0.85-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el9.x86_64.pg16 : pgcryptokey_16 pgcryptokey_16-0.85-5PGDG.rhel9.x86_64.rpm PGDG · 0.85 · 17.3KiB pgcryptokey_16-0.85-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el9.x86_64.pg15 : pgcryptokey_15 pgcryptokey_15-0.85-3.rhel9.x86_64.rpm PGDG · 0.85 · 22.7KiB pgcryptokey_15-0.85-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PIGSTY 0.85 el9.x86_64.pg14 : pgcryptokey_14 pgcryptokey_14-0.85-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.85 · 16.8KiB
el9.aarch64	PIGSTY 0.85 el9.aarch64.pg18 : pgcryptokey_18 pgcryptokey_18-0.85-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.85 · 16.9KiB	PGDG 0.85 el9.aarch64.pg17 : pgcryptokey_17 pgcryptokey_17-0.85-6PGDG.rhel9.aarch64.rpm PGDG · 0.85 · 17.4KiB pgcryptokey_17-0.85-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.85 · 16.9KiB	PGDG 0.85 el9.aarch64.pg16 : pgcryptokey_16 pgcryptokey_16-0.85-5PGDG.rhel9.aarch64.rpm PGDG · 0.85 · 17.0KiB pgcryptokey_16-0.85-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el9.aarch64.pg15 : pgcryptokey_15 pgcryptokey_15-0.85-3.rhel9.aarch64.rpm PGDG · 0.85 · 22.4KiB pgcryptokey_15-0.85-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.85 · 16.9KiB	PGDG 0.85 el9.aarch64.pg14 : pgcryptokey_14 pgcryptokey_14-0.85-3.rhel9.aarch64.rpm PGDG · 0.85 · 22.3KiB pgcryptokey_14-0.85-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.85 · 16.8KiB
el10.x86_64	PIGSTY 0.85 el10.x86_64.pg18 : pgcryptokey_18 pgcryptokey_18-0.85-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el10.x86_64.pg17 : pgcryptokey_17 pgcryptokey_17-0.85-8PGDG.rhel10.x86_64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_17-0.85-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el10.x86_64.pg16 : pgcryptokey_16 pgcryptokey_16-0.85-8PGDG.rhel10.x86_64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_16-0.85-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el10.x86_64.pg15 : pgcryptokey_15 pgcryptokey_15-0.85-8PGDG.rhel10.x86_64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_15-0.85-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el10.x86_64.pg14 : pgcryptokey_14 pgcryptokey_14-0.85-8PGDG.rhel10.x86_64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_14-0.85-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.85 · 16.8KiB
el10.aarch64	PIGSTY 0.85 el10.aarch64.pg18 : pgcryptokey_18 pgcryptokey_18-0.85-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.85 · 17.0KiB	PGDG 0.85 el10.aarch64.pg17 : pgcryptokey_17 pgcryptokey_17-0.85-8PGDG.rhel10.aarch64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_17-0.85-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.85 · 17.0KiB	PGDG 0.85 el10.aarch64.pg16 : pgcryptokey_16 pgcryptokey_16-0.85-8PGDG.rhel10.aarch64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_16-0.85-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.85 · 17.0KiB	PGDG 0.85 el10.aarch64.pg15 : pgcryptokey_15 pgcryptokey_15-0.85-8PGDG.rhel10.aarch64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_15-0.85-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.85 · 17.0KiB	PGDG 0.85 el10.aarch64.pg14 : pgcryptokey_14 pgcryptokey_14-0.85-8PGDG.rhel10.aarch64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_14-0.85-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.85 · 17.0KiB
d12.x86_64	PIGSTY 0.85 d12.x86_64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d12.x86_64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d12.x86_64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d12.x86_64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d12.x86_64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.85 · 11.4KiB
d12.aarch64	PIGSTY 0.85 d12.aarch64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 d12.aarch64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.85 · 11.5KiB	PIGSTY 0.85 d12.aarch64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.85 · 11.5KiB	PIGSTY 0.85 d12.aarch64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.85 · 11.5KiB	PIGSTY 0.85 d12.aarch64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.85 · 11.5KiB
d13.x86_64	PIGSTY 0.85 d13.x86_64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d13.x86_64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d13.x86_64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d13.x86_64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d13.x86_64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb PIGSTY · 0.85 · 11.4KiB
d13.aarch64	PIGSTY 0.85 d13.aarch64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 d13.aarch64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 d13.aarch64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 d13.aarch64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 d13.aarch64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb PIGSTY · 0.85 · 11.6KiB
u22.x86_64	PIGSTY 0.85 u22.x86_64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb PIGSTY · 0.85 · 11.5KiB	PIGSTY 0.85 u22.x86_64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb PIGSTY · 0.85 · 11.7KiB	PIGSTY 0.85 u22.x86_64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb PIGSTY · 0.85 · 11.7KiB	PIGSTY 0.85 u22.x86_64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb PIGSTY · 0.85 · 11.7KiB	PIGSTY 0.85 u22.x86_64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb PIGSTY · 0.85 · 11.6KiB
u22.aarch64	PIGSTY 0.85 u22.aarch64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb PIGSTY · 0.85 · 11.5KiB	PIGSTY 0.85 u22.aarch64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb PIGSTY · 0.85 · 11.8KiB	PIGSTY 0.85 u22.aarch64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb PIGSTY · 0.85 · 11.8KiB	PIGSTY 0.85 u22.aarch64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb PIGSTY · 0.85 · 11.8KiB	PIGSTY 0.85 u22.aarch64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb PIGSTY · 0.85 · 11.7KiB
u24.x86_64	PIGSTY 0.85 u24.x86_64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 u24.x86_64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 u24.x86_64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 u24.x86_64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 u24.x86_64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb PIGSTY · 0.85 · 11.6KiB
u24.aarch64	PIGSTY 0.85 u24.aarch64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 u24.aarch64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 u24.aarch64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 u24.aarch64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 u24.aarch64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb PIGSTY · 0.85 · 11.4KiB

Build

You can build the RPM / DEB packages for pgcryptokey using pig build:

pig build pkg pgcryptokey         # build RPM / DEB packages

Install

You can install pgcryptokey directly. First, make sure the PGDG and PIGSTY repositories are added and enabled:

pig repo add pgsql -u          # Add repo and update cache

Install the extension using pig or apt/yum/dnf:

pig install pgcryptokey;          # Install for current active PG version

pig ext install -y pgcryptokey -v 18  # PG 18
pig ext install -y pgcryptokey -v 17  # PG 17
pig ext install -y pgcryptokey -v 16  # PG 16
pig ext install -y pgcryptokey -v 15  # PG 15
pig ext install -y pgcryptokey -v 14  # PG 14

dnf install -y pgcryptokey_18       # PG 18
dnf install -y pgcryptokey_17       # PG 17
dnf install -y pgcryptokey_16       # PG 16
dnf install -y pgcryptokey_15       # PG 15
dnf install -y pgcryptokey_14       # PG 14

apt install -y postgresql-18-pgcryptokey   # PG 18
apt install -y postgresql-17-pgcryptokey   # PG 17
apt install -y postgresql-16-pgcryptokey   # PG 16
apt install -y postgresql-15-pgcryptokey   # PG 15
apt install -y postgresql-14-pgcryptokey   # PG 14

Create Extension:

CREATE EXTENSION pgcryptokey CASCADE;  -- requires: pgcrypto

Usage

pgcryptokey: Cryptographic key management for PostgreSQL

pgcryptokey manages cryptographic data encryption keys within PostgreSQL. Keys are stored encrypted and secured by access passwords, supporting both system-wide and per-session key access.

CREATE EXTENSION pgcryptokey;

Key Management Functions

Function	Description
`create_cryptokey(name, byte_len)`	Generate a new cryptographic key
`set_cryptokey(name)`	Set the active key for operations
`get_cryptokey(name)`	Retrieve key material
`drop_cryptokey(name)`	Remove a key
`supersede_cryptokey()`	Rotate to a new key (same access password)
`change_key_access_password()`	Update key authentication credentials
`reencrypt_data()`	Re-encrypt data with a different key

Session Control

Function	Description
`get_shared_key()`	Establish client/server shared secret (SSL/Unix only)
`set_session_access_password()`	Client-supplied password authentication

Typical Workflow

-- Create a key
SELECT create_cryptokey('mykey', 32);

-- Set active key
SELECT set_cryptokey('mykey');

-- Encrypt data using pgcrypto functions with the managed key
UPDATE secrets SET data = pgp_sym_encrypt(plaintext, get_cryptokey('mykey'));

-- Decrypt data
SELECT pgp_sym_decrypt(data, get_cryptokey('mykey')) FROM secrets;

-- Rotate key
SELECT supersede_cryptokey();

Access passwords can be configured at database boot time for system-wide access, or per-session by individual clients for granular security control.

Feedback

Was this page helpful?

Thanks for the feedback! Please let us know how we can improve.

Sorry to hear that. Please let us know how we can improve.

Last Modified 2026-03-12: add pg extension catalog (95749bf)