{"slug": "ask-hn-two-specific-postgres-encrypt-questions", "title": "Ask HN: Two specific Postgres encrypt questions", "summary": "A Hacker News user asks for recommendations on encrypting PostgreSQL data at rest without purchasing software, and whether the PEM passphrase must be retained after configuring TLS/SSL.", "body_md": "HN,\n\n(A) What are the recommended ways to encode Postrgres data at rest (tables+indexes+rows)? The Postgres documentation suggests options [0], but I have no familiarity with any. I prefer to not purchase something.\n\n(B) When configuring Postgres with TLS/SSL, one needs to make private keys [1] which can lead to a prompt for a PEM pass phrase. Once all done with Postgres running, do I need to retain the PEM passkey? (The private key itself needs to be retained, of course).\n\n[0] https://www.postgresql.org/docs/18/encryption-options.html\n\n[1] openssl genrsa -aes256 -out Enter PEM pass phrase: ...\n\nComments URL: [https://news.ycombinator.com/item?id=48626895](https://news.ycombinator.com/item?id=48626895)\n\nPoints: 1\n\n# Comments: 0", "url": "https://wpnews.pro/news/ask-hn-two-specific-postgres-encrypt-questions", "canonical_source": "https://news.ycombinator.com/item?id=48626895", "published_at": "2026-06-22 07:25:28+00:00", "updated_at": "2026-06-22 07:41:08.092721+00:00", "lang": "en", "topics": ["ai-tools"], "entities": ["PostgreSQL"], "alternates": {"html": "https://wpnews.pro/news/ask-hn-two-specific-postgres-encrypt-questions", "markdown": "https://wpnews.pro/news/ask-hn-two-specific-postgres-encrypt-questions.md", "text": "https://wpnews.pro/news/ask-hn-two-specific-postgres-encrypt-questions.txt", "jsonld": "https://wpnews.pro/news/ask-hn-two-specific-postgres-encrypt-questions.jsonld"}}