
Security: alfredeengreen/pgtrace


docs/SECURITY.md

pgtrace security guide

Security considerations and best practices for pgtrace.

Authentication

The API supports authentication via environment variables:

  • PGTRACE_AUTH_ENABLED=true - Enable authentication
  • PGTRACE_AUTH_USERNAME - Basic auth username
  • PGTRACE_AUTH_PASSWORD - Basic auth password
  • PGTRACE_AUTH_TOKEN - Bearer token (alternative to basic auth)

Authentication is disabled by default for development. Enable it in production.

Secrets Management

Never commit secrets to version control. Use environment variables:

  • Database passwords: PGTRACE_DB_PASSWORD, DATABASE_URL
  • API secrets: SECRET_KEY_BASE, PGTRACE_AUTH_*
  • Use secret management systems in production (Vault, AWS Secrets Manager, etc.)

Network Security

  • Use TLS/SSL for all connections in production
  • Configure PostgreSQL to use SSL connections
  • Use a reverse proxy (nginx, Caddy) for TLS termination
  • Restrict database access to specific IPs/networks
  • Use firewall rules to restrict API access

Database Security

  • Use dedicated database users with minimal permissions
  • Agent user: pgtrace_writer role (insert-only)
  • API user: pgtrace_reader role (read-only)
  • Never use superuser accounts
  • Enable PostgreSQL SSL connections
  • Use strong passwords

Source Database Permissions

The agent needs minimal read-only permissions:

  • Read access to system views only
  • No access to application data
  • No write permissions
  • Use a dedicated user with minimal grants
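
The role split from "Database Security" and the source-side grants from "Source Database Permissions", written out as SQL. This is an added example, not taken from the pgtrace repository. Assumptions: pgtrace's tables live in a schema named pgtrace, the login role names are hypothetical, and the agent's system-view reads are covered by PostgreSQL's predefined pg_monitor role.

```sql
-- Added example. Schema "pgtrace" and the *_login / pgtrace_source names are assumptions.

-- === pgtrace storage database (run as the role that owns the pgtrace tables) ===
CREATE ROLE pgtrace_writer NOLOGIN;   -- insert-only, used by the agent
CREATE ROLE pgtrace_reader NOLOGIN;   -- read-only, used by the API

-- Drop implicit access so only the explicit grants below apply.
REVOKE ALL ON SCHEMA pgtrace FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA pgtrace FROM PUBLIC;

GRANT USAGE  ON SCHEMA pgtrace TO pgtrace_writer, pgtrace_reader;
GRANT INSERT ON ALL TABLES IN SCHEMA pgtrace TO pgtrace_writer;
GRANT SELECT ON ALL TABLES IN SCHEMA pgtrace TO pgtrace_reader;
-- Only needed when ids come from serial columns (nextval requires USAGE).
GRANT USAGE ON ALL SEQUENCES IN SCHEMA pgtrace TO pgtrace_writer;

-- Tables this owner creates later (migrations) inherit the same split.
ALTER DEFAULT PRIVILEGES IN SCHEMA pgtrace GRANT INSERT ON TABLES    TO pgtrace_writer;
ALTER DEFAULT PRIVILEGES IN SCHEMA pgtrace GRANT SELECT ON TABLES    TO pgtrace_reader;
ALTER DEFAULT PRIVILEGES IN SCHEMA pgtrace GRANT USAGE  ON SEQUENCES TO pgtrace_writer;

-- Login roles. Set passwords out of band (psql \password) so they never
-- appear in scripts, shell history or server logs.
CREATE ROLE pgtrace_agent_login LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
  IN ROLE pgtrace_writer;
CREATE ROLE pgtrace_api_login   LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
  IN ROLE pgtrace_reader;
-- Soft guard only (a session can change it); the grants are the real control.
ALTER ROLE pgtrace_api_login SET default_transaction_read_only = on;

-- === Source (monitored) database ===
CREATE ROLE pgtrace_source LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION;
-- Predefined role (PostgreSQL 10+): read statistics views and settings,
-- no rights on application tables.
GRANT pg_monitor TO pgtrace_source;
ALTER ROLE pgtrace_source SET default_transaction_read_only = on;

-- Audit: every row is an application table the source user can touch.
-- Expect zero rows; anything listed usually comes from a grant to PUBLIC.
SELECT schemaname, tablename
FROM pg_tables
WHERE schemaname NOT IN ('pg_catalog', 'information_schema')
  AND has_table_privilege(
        'pgtrace_source',
        format('%I.%I', schemaname, tablename),
        'SELECT, INSERT, UPDATE, DELETE');
```

Run the audit query in each database on the source server, since privileges are checked per database.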

API Security

  • Enable authentication in production
  • Use HTTPS/TLS
  • Implement rate limiting (future enhancement)
  • Validate all inputs
  • Use CORS appropriately (future enhancement)
  • Set security headers (implemented)

Agent Security

  • Run the agent as a non-root user
  • Use systemd or container isolation
  • Limit filesystem access
  • Monitor agent logs
  • Use read-only database connections

Operational Security

  • Rotate secrets regularly
  • Monitor access logs
  • Audit database access
  • Keep dependencies updated
  • Follow the principle of least privilege
  • Apply security updates regularly

Reporting Issues

Report security issues responsibly. See the repository security policy.
