Enable the following FEP features:
Data masking
Transparent Data Encryption (TDE)
Fixed statistics
Data masking
Data masking is enabled by default in the example FEPCluster CR (in the OpenShift UI). The postgresql.conf in the container contains the following parameters:
shared_preload_libraries = 'pgx_datamasking,pg_prewarm'
session_preload_libraries = 'pg_prewarm'
max_worker_processes = 20
The user can override these values in the config map.
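An added example, not part of the FEP documentation or the operator's code: a Python check to run over the parameter text you plan to put in the config map, so that a change to shared_preload_libraries does not silently drop pgx_datamasking. It assumes an overridden parameter replaces the default value entirely; the function names and the sample override are constructed for illustration.

```python
import re

# Values the page lists for the container's postgresql.conf.
PAGE_DEFAULTS = {
    "shared_preload_libraries": "pgx_datamasking,pg_prewarm",
    "session_preload_libraries": "pg_prewarm",
    "max_worker_processes": "20",
}
SETTING = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=?\s*(.*?)\s*$")

def strip_comment(line):
    """Cut the line at the first '#' that is not inside single quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == "'":
            in_quote = not in_quote
        elif ch == "#" and not in_quote:
            return line[:i]
    return line

def parse_conf(text):
    """Parse postgresql.conf-style text; a later setting of a name wins."""
    settings = {}
    for raw in text.splitlines():
        m = SETTING.match(strip_comment(raw))
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] == "'":
            value = value[1:-1].replace("''", "'")
        settings[name] = value
    return settings

def missing_preload_libs(override_text):
    """Libraries in the page's shared_preload_libraries that the override drops.
    Assumption: an overridden parameter replaces the default value entirely."""
    merged = {**PAGE_DEFAULTS, **parse_conf(override_text)}
    wanted = PAGE_DEFAULTS["shared_preload_libraries"].split(",")
    loaded = {lib.strip() for lib in merged["shared_preload_libraries"].split(",")}
    return [lib for lib in wanted if lib not in loaded]

# Constructed override: adds pg_stat_statements but forgets pgx_datamasking.
SAMPLE_OVERRIDE = """\
shared_preload_libraries = 'pg_stat_statements,pg_prewarm'  # constructed
max_worker_processes= 30
"""

if __name__ == "__main__":
    print(missing_preload_libs(SAMPLE_OVERRIDE))
```

An empty result means every library from the page's default list is still present in the effective value.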
TDE
TDE is enabled by default. Select one of the following as the keystore to store the master encryption key used for transparent data encryption.
File-based keystore
External key management service
If you use a key management service as your keystore, you can change the keystore to another key management service even after you deploy the FEP cluster. You cannot change from a file-based keystore to a key management service, or from a key management service to a file-based keystore.
Refer to "2.3.12 Transparent Data Encryption Using a Key Management System" for the design perspective when using a key management system.
Fixed statistics
Fixed statistics (pg_dbms_stats) is enabled by default.
A dbms_stats schema is created in each database.
The list of statistics backups and the list of currently fixed objects can be referenced with the pguser defined in the FEPCluster custom resource.
It also takes a backup of statistics by default.
During a major upgrade, the backup statistics maintained in the database are no longer available. The fixed status of the statistics is also released. Take a backup and fix the statistics again after executing the major upgrade.