Hi PostgreSQL community,

As part of a security documentation update, we are preparing a *Cryptographic Bill of Materials (CBOM)* to document the cryptographic mechanisms used by the services deployed in our environment.

We would like your guidance on the *cryptographic mechanisms used by PostgreSQL*, including:

- The *types of cryptographic mechanisms* involved (for example, TLS/SSL for client-server communication, authentication mechanisms, password hashing, replication security, encryption at rest where applicable)
- The *cryptographic algorithms and protocols* used
- The *source or storage location* of cryptographic material (for example, configuration files, certificates, private keys, system catalogs, or external key management systems)
- The *purpose* of each mechanism (for example, data-in-transit encryption, authentication, access control, replication security)

Our goal is to accurately document PostgreSQL’s cryptographic controls for *compliance and audit purposes*. This request is for documentation clarity only and is *not related to vulnerability disclosure*.

Any clarification or references to official PostgreSQL documentation would be greatly appreciated.

Thank you for your time and support.
