dokku / dokku-postgres

a postgres plugin for dokku
MIT License

Question: How to encrypt traffic with SSL (self signed ok) #297

Open gamedevsam opened 1 year ago

gamedevsam commented 1 year ago

I want to expose my DB so I can manage it remotely. I noticed that by default Postgres is initialized with the scram-sha-256 authentication method, which in theory helps prevent password leakage over the wire even over unencrypted networks, so that's good.

What's not so good is that all the DB data can still be sniffed out without SSL encrypting the traffic.

I see scripts in the repo to create certs, but no instructions on how to use them.

Can you give a brief description of how those scripts work / what commands we should run to enable SSL on a container for PG (and if there are any considerations we should have when it comes to connecting into encrypted PGs)?

josegonzalez commented 8 months ago

Apologies for the late reply here.

I think the original docs for it are here, but basically the certificates can be copied out and used as desired.

We can probably add a security.md here and have that be injected into the readme (would need to check on how things not attached to commands work).
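
On the question of connecting to an encrypted Postgres: a client can confirm that a listener will negotiate TLS at all by sending the protocol's SSLRequest message and reading the one-byte reply. This is an added example, not code from the thread or from the dokku-postgres project; the stub listener and its replies are constructed so the block runs offline.

```python
import socket
import struct
import threading

# SSLRequest: int32 length (8) followed by int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def probe_ssl(host, port, timeout=3.0):
    """Return True if the server answers SSLRequest with 'S', False on 'N'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(SSL_REQUEST)
        reply = sock.recv(1)
    if reply == b"S":
        return True   # server is willing to start a TLS handshake
    if reply == b"N":
        return False  # server has SSL disabled; traffic would be plaintext
    # Anything else (an error message, a closed socket) is not a valid answer.
    raise ValueError(f"unexpected reply to SSLRequest: {reply!r}")


def stub_server(answer):
    """Constructed stand-in for a Postgres listener; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            data = b""
            while len(data) < 8:
                chunk = conn.recv(8 - len(data))
                if not chunk:
                    break
                data += chunk
            if data == SSL_REQUEST:
                conn.sendall(answer)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    for answer in (b"S", b"N"):
        port = stub_server(answer)
        print(answer.decode(), "->", probe_ssl("127.0.0.1", port))
```

An `S` reply only shows the server offers TLS; it does not show that plaintext connections are refused or that the certificate is the expected one. With a self-signed certificate, libpq clients get server authentication only with `sslmode=verify-ca` or `sslmode=verify-full` and `sslrootcert` pointing at a copy of that certificate, since `sslmode=require` encrypts without verifying the server.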