Top
Enterprise Postgres 17 SP1 Knowledge DataManagement FeatureUser's Guide
Chapter 3 Semantic Text Search and Automatic Vectorization Feature > 3.2 Installation of Semantic Text Search and Automatic Vectorization > 3.2.5 Credentials Protection
PreviousNext

3.2.5 Credentials Protection

3.2.5.1 Encrypting Credentials

The pgx_vectorizer.worker_setting_table, which is created when pgx_vectorizer is set up, should be protected because it stores the API key that the worker performing vectorization uses to access the embedded provider that offers the vector embedding feature.

To encrypt this table, either encrypt the entire database to which the pgx_vectorizer feature is being added in advance, or move this table to an encrypted tablespace after adding the extension feature.

Example) When encrypting the entire database for which this feature is enabled

postgres=# CREATE DATABASE rag_database TABLESPACE = encrypted_tablespace;

rag_database=> CREATE EXTENSION pgx_vectorizer;

Example) Moving to encrypted table space

rag_database=> ALTER TABLE pgx_vectorizer.worker_setting_table SET TABLESPACE encrypted_tablespace;

3.2.5.2 Restrict Access to Credentials

The pgx_vectorizer.worker_setting_table, which stores the credential information, is configured so that only the user who executed the CREATE EXTENSION of the pgx_vectorizer feature can access it. If you want to allow access by other users, use the GRANT statement to grant access privilege to those users.

PreviousNext
Copyright 2025 Fujitsu Limited