As service engineer\
I want a to create backups with a dedicated backup role in Postgres\
So that I can avoid having to use the postgres superuser for backup purposes
This issue should be considered as a technical debt.
Context
In #69 and #80 we engineered backups using K8up so that every database is being backed up.
To that end, a user is required that has access to all databases. At the time, using the superuser postgres was good enough, but raised security concerns in case the user has disabled superuser using the spec.forInstance.enableSuperUser=false flag in the instance spec.
The current implementation has still postgres superuser enabled, even if the user disabled it. The credentials for the superuser are only not exposed in the connection secret, even though connections would technically still work.
This could be an edge case: The user enables superuser, gets or configures the password in an app, disables the superuser again, and the app would still be able to connect.
This issue is about creating and maintaining a Postgres Role that has access to the database and all future databases within an instance.
Summary
As service engineer\ I want a to create backups with a dedicated backup role in Postgres\ So that I can avoid having to use the
postgres
superuser for backup purposesThis issue should be considered as a technical debt.
Context
In #69 and #80 we engineered backups using K8up so that every database is being backed up. To that end, a user is required that has access to all databases. At the time, using the superuser
postgres
was good enough, but raised security concerns in case the user has disabled superuser using thespec.forInstance.enableSuperUser=false
flag in the instance spec.The current implementation has still
postgres
superuser enabled, even if the user disabled it. The credentials for the superuser are only not exposed in the connection secret, even though connections would technically still work. This could be an edge case: The user enables superuser, gets or configures the password in an app, disables the superuser again, and the app would still be able to connect.This issue is about creating and maintaining a Postgres Role that has access to the database and all future databases within an instance.
Out of Scope
Further links
No response
Acceptance Criteria
No response
Implementation Ideas
No response