> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Deploy the PostgreSQL service

> Step-by-step deployment of the PostgreSQL service in CryptoHub.

Complete the following steps to deploy the PostgreSQL service in CryptoHub:

<Steps>
  <Step>
    Log in to the CryptoHub under dual control using your administrator identities.
  </Step>

  <Step>
    Select the service you intend to deploy and select **\[ Deploy ]**.
  </Step>

  <Step>
    Configure the following **Service Setup** settings:

    * **Service Name**: The name of the application. Leave as default.
    * **Service Category**: The category the service falls under. Leave as default.
    * Select **\[ Next ]**.
  </Step>

  <Step>
    Configure the following **Access Control** settings:

    * **Authorized Resources**: The role you are logged in with has access to the service by default.
    * **Add Additional Resources**: Optional
    * Select **\[ Next ]**.
  </Step>

  <Step>
    Configure the **Authentication** settings to determine how users will authenticate to access encrypted files. The two options are **Kerberos** or **Local** authentication.

    **Local authentication** uses local Windows accounts to manage access to encrypted files. Users will be authenticated using their local Windows credentials.

    **Kerberos authentication** uses Windows Active Directory to manage access to encrypted files. Users will be authenticated using their domain credentials.

    <Warning>
      Active Directory configuration is required for Kerberos authentication. Go to Identity & Access Management, then select the Active Directory tab to set this up.
    </Warning>

    * Select **Local** or **Kerberos** authentication and select **\[ Next ]**.
  </Step>

  <Step>
    Configure the **Path Rules**:

    * Select **\[ Add Path Rule ]**.
    * Enter **role** or **group names** from Active Directory for broad access.
    * Enter Active Directory or individual **usernames** to grant access.
    * Choose **Basic setup** to encrypt a specific directory and file type, or select **Advanced Setup** to use wildcards like `**` for subdirectories and `*` for pattern matching.
    * Select\*\*\[ Add ]\*\*.

    <Note>
      For the PostgreSQL integration, you must specify a file-matching pattern the path to the `data` directory of your PostgreSQL installation. The example below will recursively encrypt all files in the `C:\PostgreSQL\data\` directory.

      Example:

      `C:\PostgreSQL\data`

      Based on the PostgreSQL directory structure, the following folders within the `data` directory relate to database instances:

      * `base`: This is the primary directory containing all database instances. Within `base`:
        * Each database has its own subdirectory named with its Object ID (OID)\*\*
        * For example, if a database had OID 16387, its files would be in `data\base\16387\`
      * `global`: Contains cluster-wide tables like `pgdatabase` and authentication information
      * `pgwal` (or `pgxlog` in older versions): Contains Write-Ahead Log files essential for database recovery
      * `pgtblspc`: Contains symbolic links to any tablespaces defined outside the main data directory

      The individual database data is primarily in the numbered subdirectories within `base`, such as `C:\PostgreSQL\data\base\16387\`.

      If you're considering encryption strategies, understanding this structure helps you decide whether to encrypt the entire `data` directory or target specific database subdirectories within `base`.
    </Note>
  </Step>

  <Step>
    Select **\[ Deploy ]**.
  </Step>
</Steps>
