plaintext 4 lines · 1 tab

PostgreSQL hardening with pg_hba and strict role separation

Kai Nakamura Apr 2026
1 tab
local   all             postgres                                peer
hostssl app_production  app_user        10.0.0.0/16             scram-sha-256
hostssl app_production  reporting_user  10.0.1.0/24             scram-sha-256
host    all             all             0.0.0.0/0               reject
1 file · plaintext Explain with highlit

Database hardening starts with connection control and role hygiene. I separate app, migration, reporting, and admin roles so compromise impact is constrained. The default question is not what permissions are convenient, but which ones are actually necessary.

Share this code

Here's the card — post it anywhere.

PostgreSQL hardening with pg_hba and strict role separation — share card
Link copied