Description

pgpro_wrap is a command-line utility designed to protect the PL/pgSQL code from unauthorized viewing and modification. It transforms stored procedures and functions into an obfuscated form that remains executable by the database server but cannot be easily viewed in the system catalogs.

Usage

A typical usage workflow consists of several steps. First, a PL/pgSQL function or procedure is written in a plain text file, which must be encoded in UTF-8. This file is then processed by pgpro_wrap, which produces an output file with the .wrap suffix. The output file is subsequently loaded into the database using the psql utility. The database server automatically processes the code and creates the corresponding stored object. The resulting function or procedure is then executed normally without any additional steps.

When an attempt is made to view or edit the source code of such objects directly using client tools such as pgAdmin or through the pg_proc system catalog, only the obfuscated representation is displayed. However, if an error occurs during the execution of an obfuscated object, the error message includes the failing line in plain text. This is necessary for debugging purposes.

Options

pgpro_wrap accepts the following command-line arguments:

Notes

Be aware that the obfuscated PL/pgSQL code is displayed in plain text in the following system components:

Thus, pgpro_wrap effectively prevents casual viewing and direct editing of the PL/pgSQL source code through system catalogs and client tools. However, the source code may still appear in plain text in the diagnostic contexts listed above. This is an essential property of monitoring and debugging facilities, not a limitation of the utility.