pgpro_wrap

pgpro_wrap
Prev	Up	I.1. Additional PostgreSQL/Postgres Pro Client Applications	Home	Next

pgpro_wrap — obfuscate PL/pgSQL code

Synopsis

pgpro_wrap [ -V | --version ] [ -? | --help ]

Description

pgpro_wrap is the command-line utility that obfuscates the PL/pgSQL code to prevent unauthorized modifications of stored procedures and functions.

pgpro_wrap requires the OpenSSL and zlib libraries.

pgpro_wrap accepts a single input source file in UTF-8 encoding, obfuscates its contents, and returns an output file with the .wrap suffix. As a result, the PL/pgSQL code cannot be viewed or edited directly using client tools such as pgAdmin and remains obfuscated in the pg_proc system catalog. However, output files can be executed normally without any additional steps.

To obfuscate a PL/pgSQL source file, specify the filename:

./pgpro_wrap file_name

The utility creates an output file named file_name.wrap in the current directory. If this file already exists, pgpro_wrap exits with an error to prevent accidental overwriting.

Once the file is obfuscated, you can load it into the database server or include it in an extension. The server automatically unwraps the code during function creation or script execution.

Options

pgpro_wrap accepts the following command-line arguments:

-V --version: Print the pgpro_wrap version and exit.
-? --help: Show help about pgpro_wrap and exit.

Notes

Be aware that the obfuscated PL/pgSQL code is displayed in plain text in the following system components:

server log files
pg_proaudit logs
statistics collected by pg_stat_statements and pgpro_stats
data provided by auto_explain

Therefore, pgpro_wrap should not be considered as a complete security solution, as the PL/pgSQL code can be viewed through these diagnostic tools.