Hi PostgreSQL community,
As part of a security documentation update, we are preparing a Cryptographic Bill of Materials (CBOM) to document the cryptographic mechanisms used by the services deployed in our environment.
We would like your guidance on the cryptographic mechanisms used by PostgreSQL, including:
- The types of cryptographic mechanisms involved (for example, TLS/SSL for client-server communication, authentication mechanisms, password hashing, replication security, encryption at rest where applicable)
- The cryptographic algorithms and protocols used
- The source or storage location of cryptographic material (for example, configuration files, certificates, private keys, system catalogs, or external key management systems)
- The purpose of each mechanism (for example, data-in-transit encryption, authentication, access control, replication security)
Our goal is to accurately document PostgreSQL’s cryptographic controls for compliance and audit purposes. This request is for documentation clarity only and is not related to vulnerability disclosure.
Any clarification or references to official PostgreSQL documentation would be greatly appreciated.
Thank you for your time and support.