PGP limitations and key requirements for PostgreSQL

PostgreSQL pgcrypto has limitations that affect key generation and usage.

• There's no support for signing. This means there’s no verification that a given encryption key (subkey) belongs to a valid PGP master key.

• There’s no support for using encryption key as a master key. Therefore, this practice isn't recommended.

• There’s no support for several subkeys, which might seem limiting as this is common practice. When working with pgcrypto, it’s recommended that you create new Gnu Privacy Guard (GPG) or Pretty Good Privacy (PGP) keys.

For more information, refer to official PostgreSQL documentation.

Security considerations

As an administrator of your organization, to ensure PostgreSQL database is secure, you must:

• Have read and write permissions so that Twilio Segment can write to your database.

• To allowlist the Segment IP addresses (3.251.148.96/29). If not, Segment can’t access or load data into your database. For more information, refer to allowlist Segment IP address.

• Create a service user who has read/write permissions.

• Always require SSL/TLS protocol and ensure your data warehouse can only accept secure connections. Verify that Segment connects to your data warehouse using only SSL/TLS.