Crunchy Hardened PostgreSQL

Hardened, Secure, Access Controlled, & Commercially Supported PostgreSQL

Crunchy Hardened PostgreSQL is a state-of-the-art Postgres solution for security and compliance-focused enterprises. Crunchy Hardened PostgreSQL extends Crunchy PostgreSQL in order to enforce additional security controls to protect data from unauthorized access and comply with regulatory and privacy requirements. Crunchy Hardened Postgres combines advanced security features including enhanced RBAC, TDE, and superuser lockdown with commercial support requirements like High Availability, Disaster Recovery, and Certification.

Enhanced RBAC

Crunchy Hardened Postgres extends traditional Role Based Access Control (RBAC) with superuser lockdown for a highly secure role based and encrypted environment.

Table illustrating how database permissions can be separated by data user, database admin, and system admin roles across read data, database administration rights, and operating system access
Text column describing the header for authentication and the question of 'who are you?', answered by LDAP, Active Directory, and Other. Second text column describing authorization and the question of 'are you allowed to do that?', answered by Supervisor Lockdown Policy (CPSM) and PostgreSQL RBAC.

Superuser Lockdown

Crunchy Hardened Postgres uses the Crunchy Postgres Security Module (CPSM) to lock down the superuser role in a way that favors better security and regulatory compliance. The superuser can complete normal Postgres maintenance but is blocked from data exports and queries.

Transparent Data Encryption

Transparent Data Encryption (TDE) is an enhanced encryption mechanism that protects table data from the OS admins at a level beyond full disk encryption. Postgres table files on disk are fully encrypted by the Postgres database itself and decrypted transparently upon execution. The TDE mechanism works with a fully HA failover scenario as well.

Image describing how Postgres data is encrypted; the Operating System administrator does not have access to the encrypted data.
Table describing how a user from one region can have access to only public data and not sensitive or secret data, while another user from a different region can have access to only public data and not sensitive or secret data.

Row Level Security

Row level and column level security roles can be an important part of the database configuration in a Hardened Postgres environment and are implemented per process requirements as needed. Crunchy has extensive experience with this part of the codebase.

Crunchy Certified PostgreSQL

Common Criteria EAL2+ PostgreSQL is at the core of Crunchy Hardened Postgres and is therefore interoperable with any applications that can connect to PostgreSQL.

Built for the security conscious enterprise, Crunchy Certified PostgreSQL includes the open source tools and extensions to support enterprise requirements and compliance regimes. It's backed by Crunchy PostgreSQL experts behind the CIS Benchmark for PostgreSQL and the PostgreSQL Security Technical Implementation Guide.


High Availability and Disaster Recovery

Crunchy Postgres environments are full solutions for database clustering and include disaster recovery protection with backups and point-in-time recovery. High availability is also included with cluster architecture designed to be zero-downtime, resilient, and self healing.

Flexible Deployments

Available for RHEL and CentOS environments, as well as containerized for deployment. Crunchy Postgres Operator for Kubernetes is Red Hat Level 5 Certified. Crunchy Hardened Postgres can be deployed to traditional environments or containers and on the host of your choice, on-premise, or in the cloud.


Cloud Hosted



Security is at Crunchy's Core

Crunchy Data has been focused on advancing Postgres security since the beginning. We have also partnered with the United States Defense Information Systems Agency (DISA) to publish the first Security Technical Implementation Guide for open source database systems and the Center for Internet Security to publish the CIS Benchmark for Postgres. Crunchy Hardened PostgreSQL combines these best practices with advanced Postgres technology to provide an enhanced Postgres deployment for security focused enterprises.

Expert PostgreSQL Support

With many contributors to the PostgreSQL community on our team, Crunchy Data offers architecture and support expertise to successfully manage your database requirements. Our connections in the community and deep technical expertise are available 24x7x365 with our commercial support subscription.
