Description

pgpro_wrap is the command-line utility that obfuscates the PL/pgSQL code to prevent unauthorized modifications of stored procedures and functions.

pgpro_wrap requires the OpenSSL and zlib libraries.

pgpro_wrap accepts a single input source file in UTF-8 encoding, obfuscates its contents, and returns an output file with the .wrap suffix. As a result, the PL/pgSQL code cannot be viewed or edited directly using client tools such as pgAdmin and remains obfuscated in the pg_proc system catalog. However, output files can be executed normally without any additional steps.

To obfuscate a PL/pgSQL source file, specify the filename:

./pgpro_wrap file_name

The utility creates an output file named file_name.wrap in the current directory. If this file already exists, pgpro_wrap exits with an error to prevent accidental overwriting.

Once the file is obfuscated, you can load it into the database server or include it in an extension. The server automatically unwraps the code during function creation or script execution.

Options

pgpro_wrap accepts the following command-line arguments:

Notes

Be aware that the obfuscated PL/pgSQL code is displayed in plain text in the following system components:

Therefore, pgpro_wrap should not be considered as a complete security solution, as the PL/pgSQL code can be viewed through these diagnostic tools.