2026-02-15 · postgresql security
How to store passwords, tokens, and keys in PostgreSQL instead of files. Encryption via pgcrypto.
CREATE TABLE secrets ( id SERIAL PRIMARY KEY, path TEXT UNIQUE, encrypted_value BYTEA, created_at TIMESTAMP DEFAULT NOW() );
INSERT INTO secrets (path, encrypted_value)
VALUES ('group/name',
pgp_sym_encrypt('secret_value', 'master_password'));
SELECT pgp_sym_decrypt(encrypted_value, 'master_password') FROM secrets WHERE path = 'group/name';
KeePass = file. File = single user. PostgreSQL = network, backups, queries.
CLI wrapper: vault-get "group/name" → returns password.
Simple, encrypted, works.