pg_keytool

pg_keytool — derive cluster encryption key and/or send it to the PostgreSQL server

Synopsis

pg_keytool [option...]

Description

pg_keytool reads a password from standard input, runs the key derivation function (KDF) on it to derive the key, and writes the key to standard output.

Typically, pg_keytool is used with the -K option of initdb or pg_ctl (see the examples in Chapter 31) and in the encryption_key_command configuration variable.

Options

-D directory

Specifies the directory where the database cluster is stored. In particular, pg_keytool reads the global/kdf_params file from here (see kdf_params file), as well as global/pg_control.

If this option is not passed, pg_keytool tries to get the data directory from the PGDATA environment variable.
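
As an added example (not part of the pg_keytool documentation), the following shell functions feed the password to pg_keytool on standard input from a file, after checking that the file is private to the calling user. The function names check_passfile and derive_cluster_key and the idea of a password file are assumptions made for illustration; only -D, PGDATA and the stdin/stdout behaviour come from the text above.

```shell
#!/bin/sh
# Added example. Function names and the password-file location are
# hypothetical; only -D, PGDATA and the stdin/stdout behaviour come from
# the pg_keytool description above.

# Succeed only if FILE is a regular file (not a symlink), owned by the
# current user, with no group/other permission bits set.
check_passfile() {
    file=$1
    info=$(ls -ldn -- "$file" 2>/dev/null) || {
        echo "cannot stat password file: $file" >&2; return 1; }
    # ls -ldn fields: mode, link count, numeric uid, ...
    read -r mode _links uid _rest <<EOF
$info
EOF
    case $mode in
        -r[w-]-------*) ;;
        *) echo "password file must be a regular file, mode 0600 or 0400: $file" >&2
           return 1 ;;
    esac
    [ "$uid" = "$(id -u)" ] || {
        echo "password file is not owned by the current user: $file" >&2; return 1; }
}

# Usage: derive_cluster_key PASSFILE [DATADIR]
# Writes the derived key to stdout, exactly as pg_keytool emits it.
derive_cluster_key() {
    passfile=$1
    datadir=${2:-${PGDATA:-}}
    [ -n "$datadir" ] || {
        echo "no data directory given and PGDATA is not set" >&2; return 1; }
    check_passfile "$passfile" || return 1
    # The password travels over stdin only, so it never appears in the
    # process argument list or in shell history.
    pg_keytool -D "$datadir" < "$passfile"
}
```

Because the derived key is written to standard output, call derive_cluster_key only where that output is consumed directly by the server tooling, not redirected to a log or terminal.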