Transparent vs. Function-based Encryption
Column values can be encrypted at either of the following levels:
If you want the Ingres server to handle encryption for the application and be assured that data at rest is encrypted, declare the columns as encrypted on the CREATE TABLE statement, where you also define an encryption passphrase.
The passphrase applies to all encrypted rows and columns in the table.
If you want to control the process and provide the passphrase at the application level, use the SQL functions AES_ENCRYPT and AES_DECRYPT.
The passphrase can apply to one row.
You can combine the two levels, declaring encrypted columns on CREATE TABLE, and then storing application-encrypted data in them.