pgcryptokey

pgcryptokey : cryptographic key management

Overview

ID	Extension	Package	Version	Category	License	Language
7320	pgcryptokey	pgcryptokey	`0.85`	SEC	PostgreSQL	C

Attribute	Has Binary	Has Library	Need Load	Has DDL	Relocatable	Trusted
--s-d-r	No	Yes	No	Yes	yes	no

Relationships
Requires	pgcrypto
See Also	pgsodium pgsmcrypto pg_tde faker passwordcheck_cracklib supautils supabase_vault

missing 14 on el pgdg repo

Packages

Type	Repo	Version	PG Major Compatibility	Package Pattern	Dependencies
EXT	MIXED	`0.85`	18 17 16 15 14	`pgcryptokey`	`pgcrypto`
RPM	PIGSTY	`0.85`	18 17 16 15 14	`pgcryptokey_$v`	-
DEB	PIGSTY	`0.85`	18 17 16 15 14	`postgresql-$v-pgcryptokey`	-

Linux / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PIGSTY 0.85	PGDG 0.85	PGDG 0.85	PGDG 0.85	PGDG 0.85
el8.aarch64	PIGSTY 0.85	PGDG 0.85	PGDG 0.85	PGDG 0.85	PGDG 0.85
el9.x86_64	PIGSTY 0.85	PGDG 0.85	PGDG 0.85	PGDG 0.85	PIGSTY 0.85
el9.aarch64	PIGSTY 0.85	PGDG 0.85	PGDG 0.85	PGDG 0.85	PGDG 0.85
el10.x86_64	PIGSTY 0.85	PGDG 0.85	PGDG 0.85	PGDG 0.85	PGDG 0.85
el10.aarch64	PIGSTY 0.85	PGDG 0.85	PGDG 0.85	PGDG 0.85	PGDG 0.85
d12.x86_64	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85
d12.aarch64	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85
d13.x86_64	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85
d13.aarch64	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85
u22.x86_64	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85
u22.aarch64	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85
u24.x86_64	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85
u24.aarch64	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85	PIGSTY 0.85

Package	Version	OS	ORG	SIZE	File URL
`pgcryptokey_18`	`0.85`	el8.x86_64	pigsty	16.8 KiB	pgcryptokey_18-0.85-1PIGSTY.el8.x86_64.rpm
`pgcryptokey_18`	`0.85`	el8.aarch64	pigsty	17.1 KiB	pgcryptokey_18-0.85-1PIGSTY.el8.aarch64.rpm
`pgcryptokey_18`	`0.85`	el9.x86_64	pigsty	16.8 KiB	pgcryptokey_18-0.85-1PIGSTY.el9.x86_64.rpm
`pgcryptokey_18`	`0.85`	el9.aarch64	pigsty	16.9 KiB	pgcryptokey_18-0.85-1PIGSTY.el9.aarch64.rpm
`pgcryptokey_18`	`0.85`	el10.x86_64	pigsty	16.8 KiB	pgcryptokey_18-0.85-1PIGSTY.el10.x86_64.rpm
`pgcryptokey_18`	`0.85`	el10.aarch64	pigsty	17.0 KiB	pgcryptokey_18-0.85-1PIGSTY.el10.aarch64.rpm
`postgresql-18-pgcryptokey`	`0.85`	d12.x86_64	pigsty	11.4 KiB	postgresql-18-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb
`postgresql-18-pgcryptokey`	`0.85`	d12.aarch64	pigsty	11.6 KiB	postgresql-18-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb
`postgresql-18-pgcryptokey`	`0.85`	d13.x86_64	pigsty	11.4 KiB	postgresql-18-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb
`postgresql-18-pgcryptokey`	`0.85`	d13.aarch64	pigsty	11.6 KiB	postgresql-18-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb
`postgresql-18-pgcryptokey`	`0.85`	u22.x86_64	pigsty	11.5 KiB	postgresql-18-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb
`postgresql-18-pgcryptokey`	`0.85`	u22.aarch64	pigsty	11.5 KiB	postgresql-18-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb
`postgresql-18-pgcryptokey`	`0.85`	u24.x86_64	pigsty	11.6 KiB	postgresql-18-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb
`postgresql-18-pgcryptokey`	`0.85`	u24.aarch64	pigsty	11.4 KiB	postgresql-18-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pgcryptokey_17`	`0.85`	el8.x86_64	pgdg	18.1 KiB	pgcryptokey_17-0.85-6PGDG.rhel8.x86_64.rpm
`pgcryptokey_17`	`0.85`	el8.x86_64	pigsty	16.8 KiB	pgcryptokey_17-0.85-1PIGSTY.el8.x86_64.rpm
`pgcryptokey_17`	`0.85`	el8.aarch64	pgdg	18.2 KiB	pgcryptokey_17-0.85-6PGDG.rhel8.aarch64.rpm
`pgcryptokey_17`	`0.85`	el8.aarch64	pigsty	17.1 KiB	pgcryptokey_17-0.85-1PIGSTY.el8.aarch64.rpm
`pgcryptokey_17`	`0.85`	el9.x86_64	pgdg	17.5 KiB	pgcryptokey_17-0.85-6PGDG.rhel9.x86_64.rpm
`pgcryptokey_17`	`0.85`	el9.x86_64	pigsty	16.8 KiB	pgcryptokey_17-0.85-1PIGSTY.el9.x86_64.rpm
`pgcryptokey_17`	`0.85`	el9.aarch64	pgdg	17.4 KiB	pgcryptokey_17-0.85-6PGDG.rhel9.aarch64.rpm
`pgcryptokey_17`	`0.85`	el9.aarch64	pigsty	16.9 KiB	pgcryptokey_17-0.85-1PIGSTY.el9.aarch64.rpm
`pgcryptokey_17`	`0.85`	el10.x86_64	pgdg	17.9 KiB	pgcryptokey_17-0.85-8PGDG.rhel10.x86_64.rpm
`pgcryptokey_17`	`0.85`	el10.x86_64	pigsty	16.8 KiB	pgcryptokey_17-0.85-1PIGSTY.el10.x86_64.rpm
`pgcryptokey_17`	`0.85`	el10.aarch64	pgdg	17.9 KiB	pgcryptokey_17-0.85-8PGDG.rhel10.aarch64.rpm
`pgcryptokey_17`	`0.85`	el10.aarch64	pigsty	17.0 KiB	pgcryptokey_17-0.85-1PIGSTY.el10.aarch64.rpm
`postgresql-17-pgcryptokey`	`0.85`	d12.x86_64	pigsty	11.4 KiB	postgresql-17-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb
`postgresql-17-pgcryptokey`	`0.85`	d12.aarch64	pigsty	11.5 KiB	postgresql-17-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb
`postgresql-17-pgcryptokey`	`0.85`	d13.x86_64	pigsty	11.4 KiB	postgresql-17-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb
`postgresql-17-pgcryptokey`	`0.85`	d13.aarch64	pigsty	11.6 KiB	postgresql-17-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb
`postgresql-17-pgcryptokey`	`0.85`	u22.x86_64	pigsty	11.7 KiB	postgresql-17-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb
`postgresql-17-pgcryptokey`	`0.85`	u22.aarch64	pigsty	11.8 KiB	postgresql-17-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb
`postgresql-17-pgcryptokey`	`0.85`	u24.x86_64	pigsty	11.6 KiB	postgresql-17-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb
`postgresql-17-pgcryptokey`	`0.85`	u24.aarch64	pigsty	11.4 KiB	postgresql-17-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pgcryptokey_16`	`0.85`	el8.x86_64	pgdg	18.0 KiB	pgcryptokey_16-0.85-5PGDG.rhel8.x86_64.rpm
`pgcryptokey_16`	`0.85`	el8.x86_64	pigsty	16.8 KiB	pgcryptokey_16-0.85-1PIGSTY.el8.x86_64.rpm
`pgcryptokey_16`	`0.85`	el8.aarch64	pgdg	18.1 KiB	pgcryptokey_16-0.85-5PGDG.rhel8.aarch64.rpm
`pgcryptokey_16`	`0.85`	el8.aarch64	pigsty	17.1 KiB	pgcryptokey_16-0.85-1PIGSTY.el8.aarch64.rpm
`pgcryptokey_16`	`0.85`	el9.x86_64	pgdg	17.3 KiB	pgcryptokey_16-0.85-5PGDG.rhel9.x86_64.rpm
`pgcryptokey_16`	`0.85`	el9.x86_64	pigsty	16.8 KiB	pgcryptokey_16-0.85-1PIGSTY.el9.x86_64.rpm
`pgcryptokey_16`	`0.85`	el9.aarch64	pgdg	17.0 KiB	pgcryptokey_16-0.85-5PGDG.rhel9.aarch64.rpm
`pgcryptokey_16`	`0.85`	el9.aarch64	pigsty	16.8 KiB	pgcryptokey_16-0.85-1PIGSTY.el9.aarch64.rpm
`pgcryptokey_16`	`0.85`	el10.x86_64	pgdg	17.9 KiB	pgcryptokey_16-0.85-8PGDG.rhel10.x86_64.rpm
`pgcryptokey_16`	`0.85`	el10.x86_64	pigsty	16.8 KiB	pgcryptokey_16-0.85-1PIGSTY.el10.x86_64.rpm
`pgcryptokey_16`	`0.85`	el10.aarch64	pgdg	17.9 KiB	pgcryptokey_16-0.85-8PGDG.rhel10.aarch64.rpm
`pgcryptokey_16`	`0.85`	el10.aarch64	pigsty	17.0 KiB	pgcryptokey_16-0.85-1PIGSTY.el10.aarch64.rpm
`postgresql-16-pgcryptokey`	`0.85`	d12.x86_64	pigsty	11.4 KiB	postgresql-16-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb
`postgresql-16-pgcryptokey`	`0.85`	d12.aarch64	pigsty	11.5 KiB	postgresql-16-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb
`postgresql-16-pgcryptokey`	`0.85`	d13.x86_64	pigsty	11.4 KiB	postgresql-16-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb
`postgresql-16-pgcryptokey`	`0.85`	d13.aarch64	pigsty	11.6 KiB	postgresql-16-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb
`postgresql-16-pgcryptokey`	`0.85`	u22.x86_64	pigsty	11.7 KiB	postgresql-16-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb
`postgresql-16-pgcryptokey`	`0.85`	u22.aarch64	pigsty	11.8 KiB	postgresql-16-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb
`postgresql-16-pgcryptokey`	`0.85`	u24.x86_64	pigsty	11.6 KiB	postgresql-16-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb
`postgresql-16-pgcryptokey`	`0.85`	u24.aarch64	pigsty	11.4 KiB	postgresql-16-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pgcryptokey_15`	`0.85`	el8.x86_64	pgdg	22.4 KiB	pgcryptokey_15-0.85-3.rhel8.x86_64.rpm
`pgcryptokey_15`	`0.85`	el8.x86_64	pigsty	16.8 KiB	pgcryptokey_15-0.85-1PIGSTY.el8.x86_64.rpm
`pgcryptokey_15`	`0.85`	el8.aarch64	pgdg	22.4 KiB	pgcryptokey_15-0.85-3.rhel8.aarch64.rpm
`pgcryptokey_15`	`0.85`	el8.aarch64	pigsty	17.1 KiB	pgcryptokey_15-0.85-1PIGSTY.el8.aarch64.rpm
`pgcryptokey_15`	`0.85`	el9.x86_64	pgdg	22.7 KiB	pgcryptokey_15-0.85-3.rhel9.x86_64.rpm
`pgcryptokey_15`	`0.85`	el9.x86_64	pigsty	16.8 KiB	pgcryptokey_15-0.85-1PIGSTY.el9.x86_64.rpm
`pgcryptokey_15`	`0.85`	el9.aarch64	pgdg	22.4 KiB	pgcryptokey_15-0.85-3.rhel9.aarch64.rpm
`pgcryptokey_15`	`0.85`	el9.aarch64	pigsty	16.9 KiB	pgcryptokey_15-0.85-1PIGSTY.el9.aarch64.rpm
`pgcryptokey_15`	`0.85`	el10.x86_64	pgdg	17.9 KiB	pgcryptokey_15-0.85-8PGDG.rhel10.x86_64.rpm
`pgcryptokey_15`	`0.85`	el10.x86_64	pigsty	16.8 KiB	pgcryptokey_15-0.85-1PIGSTY.el10.x86_64.rpm
`pgcryptokey_15`	`0.85`	el10.aarch64	pgdg	17.9 KiB	pgcryptokey_15-0.85-8PGDG.rhel10.aarch64.rpm
`pgcryptokey_15`	`0.85`	el10.aarch64	pigsty	17.0 KiB	pgcryptokey_15-0.85-1PIGSTY.el10.aarch64.rpm
`postgresql-15-pgcryptokey`	`0.85`	d12.x86_64	pigsty	11.4 KiB	postgresql-15-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb
`postgresql-15-pgcryptokey`	`0.85`	d12.aarch64	pigsty	11.5 KiB	postgresql-15-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb
`postgresql-15-pgcryptokey`	`0.85`	d13.x86_64	pigsty	11.4 KiB	postgresql-15-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb
`postgresql-15-pgcryptokey`	`0.85`	d13.aarch64	pigsty	11.6 KiB	postgresql-15-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb
`postgresql-15-pgcryptokey`	`0.85`	u22.x86_64	pigsty	11.7 KiB	postgresql-15-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb
`postgresql-15-pgcryptokey`	`0.85`	u22.aarch64	pigsty	11.8 KiB	postgresql-15-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb
`postgresql-15-pgcryptokey`	`0.85`	u24.x86_64	pigsty	11.6 KiB	postgresql-15-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb
`postgresql-15-pgcryptokey`	`0.85`	u24.aarch64	pigsty	11.4 KiB	postgresql-15-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pgcryptokey_14`	`0.85`	el8.x86_64	pgdg	22.6 KiB	pgcryptokey_14-0.85-3.rhel8.x86_64.rpm
`pgcryptokey_14`	`0.85`	el8.x86_64	pigsty	16.8 KiB	pgcryptokey_14-0.85-1PIGSTY.el8.x86_64.rpm
`pgcryptokey_14`	`0.85`	el8.aarch64	pgdg	22.4 KiB	pgcryptokey_14-0.85-3.rhel8.aarch64.rpm
`pgcryptokey_14`	`0.85`	el8.aarch64	pigsty	17.1 KiB	pgcryptokey_14-0.85-1PIGSTY.el8.aarch64.rpm
`pgcryptokey_14`	`0.85`	el9.x86_64	pigsty	16.8 KiB	pgcryptokey_14-0.85-1PIGSTY.el9.x86_64.rpm
`pgcryptokey_14`	`0.85`	el9.aarch64	pgdg	22.3 KiB	pgcryptokey_14-0.85-3.rhel9.aarch64.rpm
`pgcryptokey_14`	`0.85`	el9.aarch64	pigsty	16.8 KiB	pgcryptokey_14-0.85-1PIGSTY.el9.aarch64.rpm
`pgcryptokey_14`	`0.85`	el10.x86_64	pgdg	17.9 KiB	pgcryptokey_14-0.85-8PGDG.rhel10.x86_64.rpm
`pgcryptokey_14`	`0.85`	el10.x86_64	pigsty	16.8 KiB	pgcryptokey_14-0.85-1PIGSTY.el10.x86_64.rpm
`pgcryptokey_14`	`0.85`	el10.aarch64	pgdg	17.9 KiB	pgcryptokey_14-0.85-8PGDG.rhel10.aarch64.rpm
`pgcryptokey_14`	`0.85`	el10.aarch64	pigsty	17.0 KiB	pgcryptokey_14-0.85-1PIGSTY.el10.aarch64.rpm
`postgresql-14-pgcryptokey`	`0.85`	d12.x86_64	pigsty	11.4 KiB	postgresql-14-pgcryptokey_0.85-1PIGSTY~bookworm_amd64.deb
`postgresql-14-pgcryptokey`	`0.85`	d12.aarch64	pigsty	11.5 KiB	postgresql-14-pgcryptokey_0.85-1PIGSTY~bookworm_arm64.deb
`postgresql-14-pgcryptokey`	`0.85`	d13.x86_64	pigsty	11.4 KiB	postgresql-14-pgcryptokey_0.85-1PIGSTY~trixie_amd64.deb
`postgresql-14-pgcryptokey`	`0.85`	d13.aarch64	pigsty	11.6 KiB	postgresql-14-pgcryptokey_0.85-1PIGSTY~trixie_arm64.deb
`postgresql-14-pgcryptokey`	`0.85`	u22.x86_64	pigsty	11.6 KiB	postgresql-14-pgcryptokey_0.85-1PIGSTY~jammy_amd64.deb
`postgresql-14-pgcryptokey`	`0.85`	u22.aarch64	pigsty	11.7 KiB	postgresql-14-pgcryptokey_0.85-1PIGSTY~jammy_arm64.deb
`postgresql-14-pgcryptokey`	`0.85`	u24.x86_64	pigsty	11.6 KiB	postgresql-14-pgcryptokey_0.85-1PIGSTY~noble_amd64.deb
`postgresql-14-pgcryptokey`	`0.85`	u24.aarch64	pigsty	11.4 KiB	postgresql-14-pgcryptokey_0.85-1PIGSTY~noble_arm64.deb

Source

Repository

momjian.us/download/pgcryptokey/

Source Tarball

pgcryptokey-0.85.tar.gz

pig build pkg pgcryptokey;		# build rpm/deb

Install

Make sure PGDG and PIGSTY repo available:

pig repo add pgsql -u   # add both repo and update cache

Install this extension with pig:

pig install pgcryptokey;		# install via package name, for the active PG version

pig install pgcryptokey -v 18;   # install for PG 18
pig install pgcryptokey -v 17;   # install for PG 17
pig install pgcryptokey -v 16;   # install for PG 16
pig install pgcryptokey -v 15;   # install for PG 15
pig install pgcryptokey -v 14;   # install for PG 14

Create this extension with:

CREATE EXTENSION pgcryptokey CASCADE; -- requires pgcrypto

Usage

pgcryptokey: Cryptographic key management for PostgreSQL

pgcryptokey manages cryptographic data encryption keys within PostgreSQL. Keys are stored encrypted and secured by access passwords, supporting both system-wide and per-session key access.

CREATE EXTENSION pgcryptokey;

Key Management Functions

Function	Description
`create_cryptokey(name, byte_len)`	Generate a new cryptographic key
`set_cryptokey(name)`	Set the active key for operations
`get_cryptokey(name)`	Retrieve key material
`drop_cryptokey(name)`	Remove a key
`supersede_cryptokey()`	Rotate to a new key (same access password)
`change_key_access_password()`	Update key authentication credentials
`reencrypt_data()`	Re-encrypt data with a different key

Session Control

Function	Description
`get_shared_key()`	Establish client/server shared secret (SSL/Unix only)
`set_session_access_password()`	Client-supplied password authentication

Typical Workflow

-- Create a key
SELECT create_cryptokey('mykey', 32);

-- Set active key
SELECT set_cryptokey('mykey');

-- Encrypt data using pgcrypto functions with the managed key
UPDATE secrets SET data = pgp_sym_encrypt(plaintext, get_cryptokey('mykey'));

-- Decrypt data
SELECT pgp_sym_decrypt(data, get_cryptokey('mykey')) FROM secrets;

-- Rotate key
SELECT supersede_cryptokey();

Access passwords can be configured at database boot time for system-wide access, or per-session by individual clients for granular security control.

Last updated on 2026-03-12

credcheck pg_pwhash