The following diagram shows the basic flow of the CTE solution.
Implementing the CipherTrust Transparent Encryption (CTE) solution requires the following components:
- Postgres server installed and operational
- CipherTrust Manager installed and operational
- A CTE agent installed on the Postgres host registered to the CipherTrust Manager
Make sure that the Postgres server is installed and running.
For CentOS 7, you need to install the following repository:
Make sure that CipherTrust Manager is installed and running.
Log in to the CipherTrust Manager (CM) web UI. Then:
Create a registration token.
Navigate to Key and Access Management and select Registration Tokens. This token is used for the CTE agent enrollment to CM.
To create a registration token, select New Registration Token.
The screenshot shows a registration token created with the name edb.
Create user sets.
Navigate to CTE and select Policies > Policy Elements > User Sets.
To create the user set, select Create User Set.
Create the Postgres, EnterpriseDB, and Barman user sets as shown in the following screenshots.
- Create a policy by navigating back to Policies and selecting Create Policy.
The following screenshots show the live data transformation (LDT) policies postgres-policy, epas-policy, and barman-policy.
The policies include the user sets Postgres and EnterpriseDB created in Step 2 and the same key rule for the policies:
Refer to the following guides from Thales for installing the CTE agent on the Postgres host:
You need the registration token and host address of the CipherTrust Manager during the installation.
After the CTE agent is successfully installed, verify the Postgres host is registered with CM.
- Log in to the CM web UI and navigate to CTE.
- Select Clients. The client status appears as Healthy. (You might have to wait a few seconds for the status to update).
The screenshot shows clients registered with the CipherTrust Manager.