# EnterpriseDB (PostgresSQL from EnterpriseDB)

# EnterpriseDB PosgreSQL with TDE Support @OL8 (Oracle Linux 8)

Pre-requistes

In my setup, I planned to virtualize VM in Parallels on Macintosh with M1 processor, because of this, I have chosen `arm64` version. But there is no RPM repository from EnterpriseDB PostgreSQL for ARM architecture. I decided to switch to another virtualization platform on `x64` architecture and proceed with `amd64` version..

# Download linux distribution from Oracle

```
https://yum.oracle.com/oracle-linux-isos.html
https://yum.oracle.com/ISOS/OracleLinux/OL8/u10/x86_64/OracleLinux-R8-U10-x86_64-dvd.iso

```

# Create VM, do updates.

# Create an account with EnterpriseDB

```
https://www.enterprisedb.com/

```

[![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-07/scaled-1680-/ZHsTMmLlNzRGVLOV-image-1753344414731.png)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-07/ZHsTMmLlNzRGVLOV-image-1753344414731.png)

Navigate to [![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-07/scaled-1680-/jgCXKFSjZcluhp0F-image-1753345021164.png)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-07/jgCXKFSjZcluhp0F-image-1753345021164.png)

Navigate to [![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-07/scaled-1680-/VaD6KwcoQCEmiy9x-image-1753345543450.png)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-07/VaD6KwcoQCEmiy9x-image-1753345543450.png)

# Find repo token

[![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-07/scaled-1680-/Dab80nr61oAXQROo-image-1753350558129.png)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-07/Dab80nr61oAXQROo-image-1753350558129.png)

Navigate to [![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-07/scaled-1680-/on6LHT3mVtMwCiIH-image-1753350725185.png)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-07/on6LHT3mVtMwCiIH-image-1753350725185.png)

Copy past a token.

## Configure repositories

ref

```
https://www.enterprisedb.com/docs/pgd/latest/essential-how-to/install/02-configure-repositories/

```

```bash
export EDB_SUBSCRIPTION_TOKEN=<your-token>
export EDB_REPO_TYPE=rpm

curl -1sSLf "https://downloads.enterprisedb.com/$EDB_SUBSCRIPTION_TOKEN/enterprise/setup.$EDB_REPO_TYPE.sh" | sudo -E bash
# curl -1sSLf "https://downloads.enterprisedb.com/$EDB_SUBSCRIPTION_TOKEN/postgres_distributed/setup.$EDB_REPO_TYPE.sh" | sudo -E bash

```

# Installation of EnterpriseDB PostgreSQL Advanced Server

ref

```
# Extended (PGE)
https://www.enterprisedb.com/docs/pge/latest/installing/linux_x86_64/pge_rhel_9/

# Advanced (EPAS)
https://www.enterprisedb.com/docs/epas/latest/installing/linux_x86_64/epas_rhel_9/

```

Add repository to the operating system

```
sudo dnf install -y https://yum.enterprisedb.com/edbrepos/edb-repo-latest.noarch.rpm

```

Verify repositories are added

```bash
dnf repolist | grep enterprisedb

```

Enable required modules

```bash
sudo dnf module enable -y edb-postgresql15

```

Install EDB PostgreSQL with TDE Support

```bash
sudo dnf install -y edb-as15-server edb-as15-tde

```

## Initialization of the Database with Transparent Data Encyption (TDE)

Create a directory for the key:

```bash
sudo mkdir -p /var/lib/edb/as15/data
sudo mkdir -p /var/lib/edb/as15/keys
sudo chown -R enterprisedb:enterprisedb /var/lib/edb/as15/

```

Create the master key:

```bash
sudo su - enterprisedb
openssl rand -hex 32 > /var/lib/edb/as15/keys/efm.key
chmod 600 /var/lib/edb/as15/keys/efm.key

```

Export the key location:

```bash
export EDB_TDE_KEY=/var/lib/edb/as15/keys/efm.key

```

Initialize with UTF-8 encoding enabled and TDE:

```bash
PGSETUP_INITDB_OPTIONS="-E UTF-8" /usr/edb/as15/bin/initdb -D /var/lib/edb/as15/data --data-encryption

```

## Configure the Server to Use the Key

Add the following to ~/.bash\_profile or systemd environment:

```bash
export EDB_TDE_KEY=/var/lib/edb/as15/keys/efm.key

```

For systemd service: create or edit drop-in file:

```bash
sudo systemctl edit edb-as-15

```

Add:

```
[Service]
Environment="EDB_TDE_KEY=/var/lib/edb/as15/keys/efm.key"

```

Refresh daemon and restart the service

```bash
sudo systemctl daemon-reexec
sudo systemctl daemon-reload
sudo systemctl start edb-as-15
sudo systemctl enable edb-as-15
sudo systemctl status edb-as-15

```

Check that server is listening for connections

```bash
ss -ntap | grep 5432

```

## Confirm that databse server is running and TDE is active

Execute as enterprisedb user:

```bash
sudo su - enterprisedb
psql edb


```

```sql
SHOW data_encryption;

```

Change admin password

```bash
ALTER ROLE enterprisedb IDENTIFIED BY password;

```

## Conclusion

- Database deployed.
- TDE enbled
- Backup master key. Once key is lost, database could not be opened.
- Ensure it has 400 permissions only, as any other keys.
- Proceed with normal database creation.

## Testing

Create db, table, insert and select.

```bash
sudo su - enterprisedb
psql edb

CREATE DATABASE hr;
\c hr

CREATE TABLE public.dept (deptno numeric(2)
    NOT NULL CONSTRAINT dept_pk PRIMARY KEY,
    dname varchar(14) CONSTRAINT dept_dname_uq UNIQUE,
    locvarchar(13));
INSERT INTO dept VALUES (10,'ACCOUNTING','Wonderland');
INSERT into dept VALUES (20,'RESEARCH','Intercity');

SELECT * FROM dept;

```