Info
KeePass Hub
B. Server Configuration
4) Changing databases for Pleasant Password Server
Encrypt Your Database
SQL Server TDE Encryption
Find a Connection String
Change the Service Account User
Database Configuration for Older Versions
SQL Maintenance Scripts
Sitemap
Info  >  KeePass Hub  >  B. Server Configuration  >  4) Changing databases for Pleasant Password Server  >  Encrypt Your Database Page last modified Apr 30 2023, 07:06

Encrypt Your Database

Share KeePass Passwords with your Team of multiple users

By default the Pleasant Password Server built-in SQLite database is encrypted.

Below are encryption alternatives listed that you may consider. Be sure to follow the steps or links below to configure the encryption for your alternate database (i.e. PostgreSQL, SQL Server, Azure). 

Database encryption alternatives:

  • SQLite - (default)

  • MS-SQL PostgreSQL

  • Volume Encryption - (system volume)

  • Vendor Database Encryption - (solutions/patches)

  • Cloud Database Platforms - (scalable encrypted)

SQLite

  • Encrypted by default.

PostgreSQL

  • TDE Encryption: 

    • A TDE Encryption database download is available from 3rd Party solutions (see below).

    • It is not yet implemented by default into the PostgreSQL core, and will be installed as a database version. 

    • TDE Vendor Solutions: See section below for additional options.

  • Volume Encryption:

    • See section "System Volume Encryption" (below)

MSSQL

MSSQL database encryption is supported, including the High-Availability option: "Always On" Availability Groups.

  • TDE Encryption: 

    • Fully Supported. Below are steps to apply and revert transparent encryption to the whole database.
    • TDE Encryption Setup Steps    (Versions: 2008-2019; in 2019 TDE is available in Standard edition, and Developer, Enterprise, Datacenter editions)
    • TDE Vendor Solutions: See section below for additional options.

  • Volume Encryption:

    • See section "System Volume Encryption" (below)

  • Column-Level Encryption ("Always Encryption"):

    • Not Supported. This encryption model would not facilitate convenient handling of application searches and so has not been included

Azure SQL

Paid subscription model, includes TDE encryption by default.

Cloud Database Encryption

Major Cloud Providers provide TDE Encrypted volumes (eg. Azure DB, MS-SQL, PostgreSQL) which often have the added feature of being a scalable database, that let's you scale up the size and service as the database needs grow. For example:

  • AWS
  • Azure
  • GCP

Vendor Encryption Solutions​

Please Note:

  • Pleasant Solutions has provided this information as a convenience to you, but does does not officially recommend Third-Party provider solutions. Pleasant Solutions has not audited and does not control or manage these products and cannot confirm the quality or safety of using these listed.

Database Patches

The following companies offer TDE (transparent database encryption) solutions

MS-SQL / PostgreSQL:

MS-SQL (only):

PostgreSQL (only):

System Volume Encryption

The following companies offer disk/volume encryption:

  • BitLocker (by Microsoft): included in some windows versions

  • BestCrypt (by Jetico)

  • dm-crypt (for Linux)

  • LUKS (for Linux)

Hardware Security Module (HSM)

The following is mentioned for completeness, as they are typically cost prohibitive for the average consumer.

Organizations offering hardware modules which provide TDE database encryption.