docs: move security guidance to SECURITY.md
This commit is contained in:
parent
1c829f009a
commit
aff63479f2
22
README.md
@ -265,26 +265,6 @@ Run `pg-r2-backup schedule` at any time to see scheduling examples.
---
## 🔐 Security
- **Do not expose PostgreSQL directly to the public internet.**
If your database is not on a private network, use a secure tunnel instead.
- **Recommended: Cloudflare Tunnel**
When using a public database URL, it is strongly recommended to connect via a secure tunnel such as **Cloudflare Tunnel** rather than opening database ports.
- **Protect credentials**
Store all secrets (database URLs, R2 keys, encryption passwords) using environment variables.
Never commit `.env` files to version control.
- **Encrypted backups (optional)**
Set `BACKUP_PASSWORD` to enable encrypted backups using 7z before uploading to S3-compatible storage.
- **Least privilege access**
Use a PostgreSQL user with read-only access where possible, and restrict R2 credentials to the required bucket only.
---
## 🛠 Development & Contributions
Fork this repository **only if you plan to**:
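Review bot: the removed block is the only place that says the encrypted backups are produced with 7z (the `BACKUP_PASSWORD` bullet, "enable encrypted backups using 7z"), and the replacement text in the new SECURITY.md says only "enable encrypted backups before uploading" without naming the format. Someone restoring from R2 needs to know the object is a 7z archive to decrypt it, so carry the `using 7z` wording into SECURITY.md (or the backup docs) instead of dropping it.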
@ -296,6 +276,8 @@ Fork this repository **only if you plan to**:
---
## For security best practices and deployment recommendations, see [SECURITY.md](SECURITY.md).
## ❓ FAQ
**Why only DATABASE_URL?**
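Review bot: the added line is a full sentence formatted as a `##` heading, so it renders as a large title sitting between the horizontal rule and the FAQ heading. Make it a plain paragraph (`For security best practices and deployment recommendations, see [SECURITY.md](SECURITY.md).`), or keep a short `## 🔐 Security` heading in the style of the README's other emoji-prefixed headings and put that sentence under it as the body.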
@ -0,0 +1,48 @@
# 🔐 Security Policy
## Database Exposure
This project does **not** require PostgreSQL to be exposed to the public internet.
- Never open PostgreSQL port `5432` directly without strict firewall rules.
- Prefer private networking whenever possible.
## Managed Databases
Managed PostgreSQL providers (e.g. Supabase, Neon, AWS RDS, Google Cloud SQL)
use public hostnames but secure connections via TLS, authentication, and network controls.
These are safe to use without any tunnel.
## Self-hosted Databases
If you run PostgreSQL on your own server and cannot place it on a private network,
use a secure tunnel such as:
- Cloudflare Tunnel
- SSH tunneling
- VPN (WireGuard, Tailscale, etc.)
Do **not** expose database ports directly to the internet.
## Credentials & Secrets
- Store all secrets (database URLs, R2 access keys, encryption passwords)
in environment variables.
- Never commit `.env` files or credentials to version control.
## Encrypted Backups (Optional)
Set `BACKUP_PASSWORD` to enable encrypted backups before uploading
to S3-compatible storage.
## Least Privilege
- Use a PostgreSQL user with read-only permissions where possible.
- Restrict Cloudflare R2 credentials to the required bucket only.
## Reporting Security Issues
If you discover a security vulnerability, please report it responsibly.
Do **not** open a public issue with sensitive details.
> This document describes recommended security practices; exact requirements depend on your deployment environment.
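Review bot: the "Reporting Security Issues" section tells reporters not to open a public issue but gives no private channel (no contact address and no pointer to a private vulnerability-reporting mechanism), so the instruction cannot be followed; add one. A smaller point in "Managed Databases": the statement that providers with public hostnames are "safe to use without any tunnel" only holds when the client actually enforces TLS, so say that `DATABASE_URL` should require it (libpq's `sslmode=require` or stricter) rather than leaving that as an implicit assumption.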