Greenplum database provides an optional package of encryption/decryption functions called pgcrypto. The pgcrypto package is not installed by default with Greenplum Database, however Greenplum can provide a platform-specific build of pgcrypto upon request. The pgcrypto functions allow database administrators to store certain columns of data in encrypted form. This adds an extra layer of protection for sensitive data, as data stored in Greenplum Database in encrypted form cannot be read by users who do not have the encryption key, nor be read directly from the disks. It is important to note that the pgcrypto functions run inside database server. That means that all the data and passwords move between pgcrypto and the client application in clear-text. For optimal security, consider also using SSL connections between the client and the Greenplum master server.