Encrypt Your Database
Share KeePass Passwords with your Team of multiple users
By default the Pleasant Password Server built-in SQLite database is encrypted.
Below are encryption alternatives listed that you may consider. Be sure to follow the steps or links below to configure the encryption for your alternate database (i.e. PostgreSQL, SQL Server, Azure).
Database encryption alternatives:
-
SQLite - (default)
-
MS-SQL / PostgreSQL
-
Volume Encryption - (system volume)
-
Vendor Database Encryption - (solutions/patches)
- Cloud Database Platforms - (scalable encrypted)
SQLite
- Encrypted by default.
PostgreSQL
-
TDE Encryption:
-
A TDE Encryption database download is available from 3rd Party solutions (see below).
-
It is not yet implemented by default into the PostgreSQL core, and will be installed as a database version.
- TDE Vendor Solutions: See section below for additional options.
-
-
Volume Encryption:
- See section "System Volume Encryption" (below)
MSSQL
MSSQL database encryption is supported, including the High-Availability option: "Always On" Availability Groups.
-
TDE Encryption:
- Fully Supported. Below are steps to apply and revert transparent encryption to the whole database.
- TDE Encryption Setup Steps (Versions: 2008-2019; in 2019 TDE is available in Standard edition, and Developer, Enterprise, Datacenter editions)
- TDE Vendor Solutions: See section below for additional options.
-
Volume Encryption:
- See section "System Volume Encryption" (below)
-
Column-Level Encryption ("Always Encryption"):
- Not Supported. This encryption model would not facilitate convenient handling of application searches and so has not been included
Azure SQL
Paid subscription model, includes TDE encryption by default.
-
Microsoft: TDE Encryption for Azure
Cloud Database Encryption
Major Cloud Providers provide TDE Encrypted volumes (eg. Azure DB, MS-SQL, PostgreSQL) which often have the added feature of being a scalable database, that let's you scale up the size and service as the database needs grow. For example:
- AWS
- Azure
- GCP
Vendor Encryption Solutions
Please Note:
- Pleasant Solutions has provided this information as a convenience to you, but does does not officially recommend Third-Party provider solutions. Pleasant Solutions has not audited and does not control or manage these products and cannot confirm the quality or safety of using these listed.
Database Patches
The following companies offer TDE (transparent database encryption) solutions
MS-SQL / PostgreSQL:
- Vormetric (by Thales)
- Encryptionizer (by NetLib Security)
MS-SQL (only):
- DBDefence (by Activecrypt)
PostgreSQL (only):
- PostgreSQL TDE for linux (by CYBERTEC)
- FUJITSU Enterprise Postgres (by FUJITSU)
- NEC PostgreSQL (by NEC Japan)
System Volume Encryption
The following companies offer disk/volume encryption:
-
BitLocker (by Microsoft): included in some windows versions
-
BestCrypt (by Jetico)
- dm-crypt (for Linux)
-
LUKS (for Linux)
Hardware Security Module (HSM)
The following is mentioned for completeness, as they are typically cost prohibitive for the average consumer.
Organizations offering hardware modules which provide TDE database encryption.
- Thales HSM (by Thales)
- Townsend HSM (by Townsend Security)
- KeySecure (by Thales Gemalto SafeNet)