pgcryptokey

PG密钥管理

概览

扩展包名	版本	分类	许可证	语言
`pgcryptokey`	`0.85`	SEC	PostgreSQL	C

ID	扩展名	Bin	Lib	Load	Create	Trust	Reloc	模式
7320	`pgcryptokey`	否	是	否	是	否	是	-

相关扩展	`pgcrypto` `pgsodium` `pgsmcrypto` `pg_tde` `faker` `passwordcheck_cracklib` `supautils` `supabase_vault`

missing 14 on el pgdg repo

版本

类型	仓库	版本	PG 大版本	包名	依赖
EXT	MIXED	`0.85`	1817161514	`pgcryptokey`	`pgcrypto`
RPM	PIGSTY	`0.85`	1817161514	`pgcryptokey_$v`	-
DEB	PIGSTY	`0.85`	1817161514	`postgresql-$v-pgcryptokey`	-

OS / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PIGSTY 0.85 el8.x86_64.pg18 : pgcryptokey_18 pgcryptokey_18-0.85-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el8.x86_64.pg17 : pgcryptokey_17 pgcryptokey_17-0.85-6PGDG.rhel8.x86_64.rpm PGDG · 0.85 · 18.1KiB pgcryptokey_17-0.85-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el8.x86_64.pg16 : pgcryptokey_16 pgcryptokey_16-0.85-5PGDG.rhel8.x86_64.rpm PGDG · 0.85 · 18.0KiB pgcryptokey_16-0.85-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el8.x86_64.pg15 : pgcryptokey_15 pgcryptokey_15-0.85-3.rhel8.x86_64.rpm PGDG · 0.85 · 22.4KiB pgcryptokey_15-0.85-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el8.x86_64.pg14 : pgcryptokey_14 pgcryptokey_14-0.85-3.rhel8.x86_64.rpm PGDG · 0.85 · 22.6KiB pgcryptokey_14-0.85-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.85 · 16.8KiB
el8.aarch64	PIGSTY 0.85 el8.aarch64.pg18 : pgcryptokey_18 pgcryptokey_18-0.85-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.85 · 17.1KiB	PGDG 0.85 el8.aarch64.pg17 : pgcryptokey_17 pgcryptokey_17-0.85-6PGDG.rhel8.aarch64.rpm PGDG · 0.85 · 18.2KiB pgcryptokey_17-0.85-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.85 · 17.1KiB	PGDG 0.85 el8.aarch64.pg16 : pgcryptokey_16 pgcryptokey_16-0.85-5PGDG.rhel8.aarch64.rpm PGDG · 0.85 · 18.1KiB pgcryptokey_16-0.85-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.85 · 17.1KiB	PGDG 0.85 el8.aarch64.pg15 : pgcryptokey_15 pgcryptokey_15-0.85-3.rhel8.aarch64.rpm PGDG · 0.85 · 22.4KiB pgcryptokey_15-0.85-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.85 · 17.1KiB	PGDG 0.85 el8.aarch64.pg14 : pgcryptokey_14 pgcryptokey_14-0.85-3.rhel8.aarch64.rpm PGDG · 0.85 · 22.4KiB pgcryptokey_14-0.85-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.85 · 17.1KiB
el9.x86_64	PIGSTY 0.85 el9.x86_64.pg18 : pgcryptokey_18 pgcryptokey_18-0.85-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el9.x86_64.pg17 : pgcryptokey_17 pgcryptokey_17-0.85-6PGDG.rhel9.x86_64.rpm PGDG · 0.85 · 17.5KiB pgcryptokey_17-0.85-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el9.x86_64.pg16 : pgcryptokey_16 pgcryptokey_16-0.85-5PGDG.rhel9.x86_64.rpm PGDG · 0.85 · 17.3KiB pgcryptokey_16-0.85-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el9.x86_64.pg15 : pgcryptokey_15 pgcryptokey_15-0.85-3.rhel9.x86_64.rpm PGDG · 0.85 · 22.7KiB pgcryptokey_15-0.85-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PIGSTY 0.85 el9.x86_64.pg14 : pgcryptokey_14 pgcryptokey_14-0.85-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.85 · 16.8KiB
el9.aarch64	PIGSTY 0.85 el9.aarch64.pg18 : pgcryptokey_18 pgcryptokey_18-0.85-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.85 · 16.9KiB	PGDG 0.85 el9.aarch64.pg17 : pgcryptokey_17 pgcryptokey_17-0.85-6PGDG.rhel9.aarch64.rpm PGDG · 0.85 · 17.4KiB pgcryptokey_17-0.85-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.85 · 16.9KiB	PGDG 0.85 el9.aarch64.pg16 : pgcryptokey_16 pgcryptokey_16-0.85-5PGDG.rhel9.aarch64.rpm PGDG · 0.85 · 17.0KiB pgcryptokey_16-0.85-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el9.aarch64.pg15 : pgcryptokey_15 pgcryptokey_15-0.85-3.rhel9.aarch64.rpm PGDG · 0.85 · 22.4KiB pgcryptokey_15-0.85-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.85 · 16.9KiB	PGDG 0.85 el9.aarch64.pg14 : pgcryptokey_14 pgcryptokey_14-0.85-3.rhel9.aarch64.rpm PGDG · 0.85 · 22.3KiB pgcryptokey_14-0.85-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.85 · 16.8KiB
el10.x86_64	PIGSTY 0.85 el10.x86_64.pg18 : pgcryptokey_18 pgcryptokey_18-0.85-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el10.x86_64.pg17 : pgcryptokey_17 pgcryptokey_17-0.85-8PGDG.rhel10.x86_64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_17-0.85-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el10.x86_64.pg16 : pgcryptokey_16 pgcryptokey_16-0.85-8PGDG.rhel10.x86_64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_16-0.85-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el10.x86_64.pg15 : pgcryptokey_15 pgcryptokey_15-0.85-8PGDG.rhel10.x86_64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_15-0.85-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.85 · 16.8KiB	PGDG 0.85 el10.x86_64.pg14 : pgcryptokey_14 pgcryptokey_14-0.85-8PGDG.rhel10.x86_64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_14-0.85-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.85 · 16.8KiB
el10.aarch64	PIGSTY 0.85 el10.aarch64.pg18 : pgcryptokey_18 pgcryptokey_18-0.85-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.85 · 17.0KiB	PGDG 0.85 el10.aarch64.pg17 : pgcryptokey_17 pgcryptokey_17-0.85-8PGDG.rhel10.aarch64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_17-0.85-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.85 · 17.0KiB	PGDG 0.85 el10.aarch64.pg16 : pgcryptokey_16 pgcryptokey_16-0.85-8PGDG.rhel10.aarch64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_16-0.85-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.85 · 17.0KiB	PGDG 0.85 el10.aarch64.pg15 : pgcryptokey_15 pgcryptokey_15-0.85-8PGDG.rhel10.aarch64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_15-0.85-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.85 · 17.0KiB	PGDG 0.85 el10.aarch64.pg14 : pgcryptokey_14 pgcryptokey_14-0.85-8PGDG.rhel10.aarch64.rpm PGDG · 0.85 · 17.9KiB pgcryptokey_14-0.85-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.85 · 17.0KiB
d12.x86_64	PIGSTY 0.85 d12.x86_64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d12.x86_64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d12.x86_64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d12.x86_64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d12.x86_64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.85 · 11.4KiB
d12.aarch64	PIGSTY 0.85 d12.aarch64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 d12.aarch64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.85 · 11.5KiB	PIGSTY 0.85 d12.aarch64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.85 · 11.5KiB	PIGSTY 0.85 d12.aarch64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.85 · 11.5KiB	PIGSTY 0.85 d12.aarch64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.85 · 11.5KiB
d13.x86_64	PIGSTY 0.85 d13.x86_64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d13.x86_64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d13.x86_64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d13.x86_64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 d13.x86_64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb PIGSTY · 0.85 · 11.4KiB
d13.aarch64	PIGSTY 0.85 d13.aarch64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 d13.aarch64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 d13.aarch64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 d13.aarch64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 d13.aarch64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb PIGSTY · 0.85 · 11.6KiB
u22.x86_64	PIGSTY 0.85 u22.x86_64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb PIGSTY · 0.85 · 11.5KiB	PIGSTY 0.85 u22.x86_64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb PIGSTY · 0.85 · 11.7KiB	PIGSTY 0.85 u22.x86_64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb PIGSTY · 0.85 · 11.7KiB	PIGSTY 0.85 u22.x86_64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb PIGSTY · 0.85 · 11.7KiB	PIGSTY 0.85 u22.x86_64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb PIGSTY · 0.85 · 11.6KiB
u22.aarch64	PIGSTY 0.85 u22.aarch64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb PIGSTY · 0.85 · 11.5KiB	PIGSTY 0.85 u22.aarch64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb PIGSTY · 0.85 · 11.8KiB	PIGSTY 0.85 u22.aarch64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb PIGSTY · 0.85 · 11.8KiB	PIGSTY 0.85 u22.aarch64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb PIGSTY · 0.85 · 11.8KiB	PIGSTY 0.85 u22.aarch64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb PIGSTY · 0.85 · 11.7KiB
u24.x86_64	PIGSTY 0.85 u24.x86_64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 u24.x86_64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 u24.x86_64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 u24.x86_64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb PIGSTY · 0.85 · 11.6KiB	PIGSTY 0.85 u24.x86_64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb PIGSTY · 0.85 · 11.6KiB
u24.aarch64	PIGSTY 0.85 u24.aarch64.pg18 : postgresql-18-pgcryptokey postgresql-18-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 u24.aarch64.pg17 : postgresql-17-pgcryptokey postgresql-17-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 u24.aarch64.pg16 : postgresql-16-pgcryptokey postgresql-16-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 u24.aarch64.pg15 : postgresql-15-pgcryptokey postgresql-15-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb PIGSTY · 0.85 · 11.4KiB	PIGSTY 0.85 u24.aarch64.pg14 : postgresql-14-pgcryptokey postgresql-14-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb PIGSTY · 0.85 · 11.4KiB

构建

您可以使用 pig build 命令构建 pgcryptokey 扩展的 RPM / DEB 包：

pig build pkg pgcryptokey         # 构建 RPM / DEB 包

安装

您可以直接安装 pgcryptokey 扩展包的预置二进制包，首先确保 PGDG 和 PIGSTY 仓库已经添加并启用：

pig repo add pgsql -u          # 添加仓库并更新缓存

使用 pig 或者是 apt/yum/dnf 安装扩展：

pig install pgcryptokey;          # 当前活跃 PG 版本安装

pig ext install -y pgcryptokey -v 18  # PG 18
pig ext install -y pgcryptokey -v 17  # PG 17
pig ext install -y pgcryptokey -v 16  # PG 16
pig ext install -y pgcryptokey -v 15  # PG 15
pig ext install -y pgcryptokey -v 14  # PG 14

dnf install -y pgcryptokey_18       # PG 18
dnf install -y pgcryptokey_17       # PG 17
dnf install -y pgcryptokey_16       # PG 16
dnf install -y pgcryptokey_15       # PG 15
dnf install -y pgcryptokey_14       # PG 14

apt install -y postgresql-18-pgcryptokey   # PG 18
apt install -y postgresql-17-pgcryptokey   # PG 17
apt install -y postgresql-16-pgcryptokey   # PG 16
apt install -y postgresql-15-pgcryptokey   # PG 15
apt install -y postgresql-14-pgcryptokey   # PG 14

创建扩展：

CREATE EXTENSION pgcryptokey CASCADE;  -- 依赖: pgcrypto

用法

pgcryptokey: PostgreSQL 加密密钥管理

pgcryptokey 在 PostgreSQL 内部管理加密数据密钥。密钥以加密方式存储，通过访问密码保护，支持系统级和会话级密钥访问。

CREATE EXTENSION pgcryptokey;

密钥管理函数

函数	描述
`create_cryptokey(name, byte_len)`	生成新的加密密钥
`set_cryptokey(name)`	设置当前活动密钥
`get_cryptokey(name)`	获取密钥材料
`drop_cryptokey(name)`	删除密钥
`supersede_cryptokey()`	轮换到新密钥（相同访问密码）
`change_key_access_password()`	更新密钥认证凭据
`reencrypt_data()`	使用不同密钥重新加密数据

会话控制

函数	描述
`get_shared_key()`	建立客户端/服务器共享密钥（仅 SSL/Unix）
`set_session_access_password()`	客户端提供的密码认证

典型工作流程

-- 创建密钥
SELECT create_cryptokey('mykey', 32);

-- 设置活动密钥
SELECT set_cryptokey('mykey');

-- 使用 pgcrypto 函数和托管密钥加密数据
UPDATE secrets SET data = pgp_sym_encrypt(plaintext, get_cryptokey('mykey'));

-- 解密数据
SELECT pgp_sym_decrypt(data, get_cryptokey('mykey')) FROM secrets;

-- 轮换密钥
SELECT supersede_cryptokey();

访问密码可以在数据库启动时配置以实现系统级访问，也可以由各个客户端按会话配置以实现细粒度安全控制。

意见反馈

这个页面对您有帮助吗？

感谢反馈！请告诉我们如何改进。

抱歉给您带来不便。请告诉我们如何改进。

最后修改 2026-03-14: update extension metadata (953cbd0)