PostgreSQL connector

PostgreSQL, often simply Postgres, is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards compliance. PostgreSQL is developed by the PostgreSQL Global Development Group, a diverse group of many companies and individual contributors. It is free and open-source, released under the terms of the PostgreSQL License, a permissive software license.

Supported platforms

  • Unix

  • Linux

  • Windows

  • AWS RDS

  • AWS Aurora

  • Azure Database for PostgreSQL

  • Google Cloud SQL

Supported versions

  • 9.2

  • 9.3

  • 9.4

  • 9.5

  • 9.6

  • 10

  • 11

  • 12

  • 13

  • 14

  • 15

  • Enterprise DB

Supported features

Mode

Feature

Availability
Security

TLS/SSL

Available

Password Vault

Available

Kerberos

Unavailable
In-place masking

Multi-tenant

Available

Streams/Threads

Available

Batch Update

Available

Drop Indexes

Available

Disable Triggers

Available

Drop Constraints

Available

Identity Column Support

Available
On-the-fly masking

Truncate

Available

Disable Triggers

Available

Drop Constraints

Available
Profiling

Multi-tenant

Available

Streams

Available

TLS/SSL setup instructions

  1. Add the database’s certificate in the setup application using instructions in the Adding a certificate section, in the TrustStore settings article.

  2. Restart the Compliance engine.

  3. Create a PostgreSQL connector in Continuous Compliance with the relevant parameters. Upload a properties file for the connector with the following:

    ssl=true
sslmode=verify-full
sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory

    Note: To use the verify-full setting (highest security), the PostgreSQL database certificate’s Common Name (CN) field must match the hostname. To check the CN value in the certificate: openssl x509 -in server.crt -text -noout

Google Cloud SQL IAM Authorization setup instructions

To authorize connections from Continuous Compliance to a Google Cloud SQL PostgreSQL instance, do the following:

  1. Provision a Google Compute Engine running Continuous Compliance. In the compute engine’s settings, enable Cloud SQL in the Identity and API access section.

  2. Create a built-in PostgreSQL connector with the following settings:

    1. Host: 127.0.0.1

    2. Port: 12345

    3. Upload a property file with the following:

      Copy 
      cloudSqlInstance=<connection name of the PostgreSQL instance from the Google Cloud web console>
      socketFactory=com.google.cloud.sql.postgres.SocketFactory