To clearly distinguish between regular data and sensitive data, the Always confidential database feature allows you to define data types for sensitive data and frequently used SQL operators. For more information about data types of sensitive data and related SQL operators, see Supported capabilities.
New data types of sensitive data
You must distinguish between sensitive data and regular data based on your business requirements. You must define the data types of sensitive data in table schemas.
The following example describes a table schema.
CREATE TABLE example (
account integer, -- The account that corresponds to plaintext data of the INTEGER type.
name text, -- The name that corresponds to plaintext data of the TEXT type.
balance real, -- The account balance that corresponds to plaintext data of the REAL type.
credit real, -- The credit line of the account that corresponds to plaintext data of the REAL type.
quota real, -- The plaintext column.
address text, -- The address that corresponds to plaintext data of the TEXT type.
remark text, -- The description.
PRIMARY KEY (account) -- Specifies that the account column is used as the primary key.
);
In the preceding table schema, account, name, balance, credit, and address are sensitive data fields that are defined based on business requirements. The following example describes the sensitive data fields in the table schema of an Always confidential database:
CREATE TABLE example (
account enc_int4, -- The account that corresponds to plaintext data of the INTEGER type.
name enc_text, -- The name that corresponds to plaintext data of the TEXT type.
balance enc_float4, -- The account balance that corresponds to plaintext data of the REAL type.
credit enc_float4, -- The credit line of the account that corresponds to plaintext data of the REAL type.
quota real, -- The plaintext column.
address enc_text, -- The address that corresponds to plaintext data of the TEXT type.
remark text, -- The remarks.
PRIMARY KEY (account) -- Specifies that the account column is used as the primary key.
);
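The following query is an added example, not part of the original documentation. It checks that every column classified as sensitive is declared with an enc_ data type in the catalog. The column inventory is constructed to match the example table, and the public schema name is an assumption.

```sql
-- Constructed inventory of the columns that the business classifies as
-- sensitive. It mirrors the example table in this topic.
WITH sensitive(table_name, column_name) AS (
    VALUES
        ('example', 'account'),
        ('example', 'name'),
        ('example', 'balance'),
        ('example', 'credit'),
        ('example', 'address')
)
SELECT
    s.table_name,
    s.column_name,
    c.udt_name AS declared_type,          -- for example int4, text, enc_int4
    CASE
        -- The column does not exist, or the current role cannot see it
        -- in information_schema.columns.
        WHEN c.column_name IS NULL THEN 'MISSING'
        -- The sensitive data types in this topic all start with enc_.
        WHEN left(c.udt_name, 4) = 'enc_' THEN 'OK'
        -- A sensitive column that is still stored as regular plaintext data.
        ELSE 'PLAINTEXT'
    END AS status
FROM sensitive AS s
LEFT JOIN information_schema.columns AS c
       ON c.table_schema = 'public'       -- assumed schema name
      AND c.table_name::text = s.table_name
      AND c.column_name::text = s.column_name
ORDER BY s.table_name, s.column_name;
```

For the first table schema in this topic, all five columns are reported as PLAINTEXT. For the second table schema, all five columns are reported as OK.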
Conversion of existing regular data to sensitive data
You can execute the ALTER TABLE statement to separately configure an existing table and convert regular data in plaintext in the table to sensitive data in ciphertext. For more information, see Convert data between plaintext and ciphertext.
What to do next
After you define data types of sensitive data, you can use the Always confidential database feature as expected. For more information about how to connect to an RDS instance by using the Always confidential database feature from your client, see Use the Always confidential database feature from a client.