Suggest edits

The following diagram shows the basic flow of the CTE solution.

Basic CTE Solution Implementation


Implementing the CipherTrust Transparent Encryption (CTE) solution requires the following components:

  • Postgres server installed and operational
  • CipherTrust Manager installed and operational
  • A CTE agent installed on the Postgres host registered to the CipherTrust Manager

Postgres host

  • Make sure that the Postgres server is installed and running.

  • For CentOS 7, you need to install the following repository:

sudo yum install -y lsof

CipherTrust Manager

Make sure that CipherTrust Manager is installed and running.

CypherTrust Manager

Configuring CipherTrust Manager

Log in to the CipherTrust Manager (CM) web UI. Then:

  1. Create a registration token.

    1. Navigate to Key and Access Management and select Registration Tokens. This token is used for the CTE agent enrollment to CM.

    2. To create a registration token, select New Registration Token.

    The screenshot shows a registration token created with the name edb.

    Registration Token

  2. Create user sets.

    1. Navigate to CTE and select Policies > Policy Elements > User Sets.

    2. To create the user set, select Create User Set.

  3. Create the Postgres, EnterpriseDB, and Barman user sets as shown in the following screenshots.

Create User Sets1

Create User Sets2

Create User Sets2

  1. Create a policy by navigating back to Policies and selecting Create Policy.

The following screenshots show the live data transformation (LDT) policies postgres-policy, epas-policy, and barman-policy.

postgres-policy Screenshot epas-policy Screenshot barman-policy Screenshot


The policies include the user sets Postgres and EnterpriseDB created in Step 2 and the same key rule for the policies:

Policy User Sets and Key Rule

Installing CTE agent

Refer to the following guides from Thales for installing the CTE agent on the Postgres host:


You need the registration token and host address of the CipherTrust Manager during the installation.

After the CTE agent is successfully installed, verify the Postgres host is registered with CM.

  1. Log in to the CM web UI and navigate to CTE.
  2. Select Clients. The client status appears as Healthy. (You might have to wait a few seconds for the status to update).

The screenshot shows clients registered with the CipherTrust Manager.

CipherTrust Manager Registered Clients

Could this page be better? Report a problem or suggest an addition!