docs: move security guidance to SECURITY.md
parent
1c829f009a
commit
aff63479f2
22
README.md
|
|
@ -265,26 +265,6 @@ Run `pg-r2-backup schedule` at any time to see scheduling examples.
|
|||
|
||||
---
|
||||
|
||||
## 🔐 Security
|
||||
|
||||
- **Do not expose PostgreSQL directly to the public internet.**
|
||||
If your database is not on a private network, use a secure tunnel instead.
|
||||
|
||||
- **Recommended: Cloudflare Tunnel**
|
||||
When using a public database URL, it is strongly recommended to connect via a secure tunnel such as **Cloudflare Tunnel** rather than opening database ports.
|
||||
|
||||
- **Protect credentials**
|
||||
Store all secrets (database URLs, R2 keys, encryption passwords) using environment variables.
|
||||
Never commit `.env` files to version control.
|
||||
|
||||
- **Encrypted backups (optional)**
|
||||
Set `BACKUP_PASSWORD` to enable encrypted backups using 7z before uploading to S3-compatible storage.
|
||||
|
||||
- **Least privilege access**
|
||||
Use a PostgreSQL user with read-only access where possible, and restrict R2 credentials to the required bucket only.
|
||||
|
||||
---
|
||||
|
||||
## 🛠 Development & Contributions
|
||||
|
||||
Fork this repository **only if you plan to**:
|
||||
|
|
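Review bot: The removed "Recommended: Cloudflare Tunnel" bullet advised a tunnel whenever a public database URL is used, but the SECURITY.md added in this commit says managed providers with public hostnames "are safe to use without any tunnel", so the guidance changes rather than just moving as the subject line says. Either carry the original wording over, or state in the commit message that the tunnel recommendation is now limited to self-hosted databases. The removed "Encrypted backups" bullet also names 7z as the encryption tool, and the replacement section drops that detail; keep it so users know which tool they need to decrypt a backup.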
@ -296,6 +276,8 @@ Fork this repository **only if you plan to**:
|
|||
|
||||
---
|
||||
|
||||
## For security best practices and deployment recommendations, see [SECURITY.md](SECURITY.md).
|
||||
|
||||
## ❓ FAQ
|
||||
|
||||
**Why only DATABASE_URL?**
|
||||
|
|
|
|||
|
|
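Review bot: The added pointer to SECURITY.md is marked up as a level-2 heading (`## For security best practices and deployment recommendations, see ...`), so a full sentence becomes a section title with no body, directly above `## ❓ FAQ`. Make it a plain paragraph, or put the sentence under a short heading such as `## 🔐 Security`, which keeps a heading with the removed section's title. It also lands after "Development & Contributions" rather than where the Security section was removed; consider placing it at the original position so readers find it in the same spot.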
@ -0,0 +1,48 @@
|
|||
# 🔐 Security Policy
|
||||
|
||||
## Database Exposure
|
||||
|
||||
This project does **not** require PostgreSQL to be exposed to the public internet.
|
||||
|
||||
- Never open PostgreSQL port `5432` directly without strict firewall rules.
|
||||
- Prefer private networking whenever possible.
|
||||
|
||||
## Managed Databases
|
||||
|
||||
Managed PostgreSQL providers (e.g. Supabase, Neon, AWS RDS, Google Cloud SQL)
|
||||
use public hostnames but secure connections via TLS, authentication, and network controls.
|
||||
These are safe to use without any tunnel.
|
||||
|
||||
## Self-hosted Databases
|
||||
|
||||
If you run PostgreSQL on your own server and cannot place it on a private network,
|
||||
use a secure tunnel such as:
|
||||
- Cloudflare Tunnel
|
||||
- SSH tunneling
|
||||
- VPN (WireGuard, Tailscale, etc.)
|
||||
|
||||
Do **not** expose database ports directly to the internet.
|
||||
|
||||
## Credentials & Secrets
|
||||
|
||||
- Store all secrets (database URLs, R2 access keys, encryption passwords)
|
||||
in environment variables.
|
||||
- Never commit `.env` files or credentials to version control.
|
||||
|
||||
## Encrypted Backups (Optional)
|
||||
|
||||
Set `BACKUP_PASSWORD` to enable encrypted backups before uploading
|
||||
to S3-compatible storage.
|
||||
|
||||
## Least Privilege
|
||||
|
||||
- Use a PostgreSQL user with read-only permissions where possible.
|
||||
- Restrict Cloudflare R2 credentials to the required bucket only.
|
||||
|
||||
## Reporting Security Issues
|
||||
|
||||
If you discover a security vulnerability, please report it responsibly.
|
||||
Do **not** open a public issue with sensitive details.
|
||||
|
||||
> This document describes recommended security practices; exact requirements depend on your deployment environment.
|
||||
|
||||
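Review bot: The "Reporting Security Issues" section asks for responsible reporting and forbids a public issue with sensitive details, but gives no private channel to report to; add a contact address or a private reporting link so the instruction can be followed. In "Managed Databases", the sentence "These are safe to use without any tunnel" is unconditional, although the sentence before it attributes the safety to TLS, authentication, and network controls; say that it holds only when those are in place, for example when the `DATABASE_URL` in use enforces TLS.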