dokku-postgres

Question: How to encrypt traffic with SSL (self signed ok)

Open • gamedevsam opened this issue 2 years ago • 1 comment

I want to expose my DB so I can manage it remotely. I noticed that by default Postgres is initialized with the scram-sha-256 authentication method, which in theory helps prevent password leakage over the wire even over unencrypted networks, so that's good.

What's not so good is that all the DB data can still be sniffed out without SSL encrypting the traffic.

I see scripts in the repo to create certs, but no instructions on how to use them.

Can you give a brief description of how those scripts work / what commands we should run to enable SSL on a container for PG (and if there are any considerations we should have when it comes to connecting into encrypted PGs)?

gamedevsam, Jun 30 '23 04:06

Apologies for the late reply here.

I think the original docs for it are here, but basically the certificates can be copied out and used as desired.

We can probably add a security.md here and have that be injected into the readme (would need to check on how things not attached to commands work).

josegonzalez, Mar 06 '24 17:03
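
A check that fits the question's concern about sniffable traffic, added here as an example (it is not from the issue or from the dokku-postgres project): a PostgreSQL client asks for TLS by sending an SSLRequest message, and the server answers with a single byte, `S` (will negotiate TLS) or `N` (will not). The loopback stub server and the helper names below are constructed for the demo so the code runs offline.

```python
import socket
import struct
import threading

# PostgreSQL SSLRequest: Int32 length (8) followed by Int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def server_offers_tls(host, port, timeout=5.0):
    """Return True if the server answers SSLRequest with 'S', False for 'N'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(SSL_REQUEST)
        reply = sock.recv(1)
    if reply == b"S":
        return True
    if reply == b"N":
        return False
    # Anything else (or a closed connection) is not a valid SSLRequest answer.
    raise ValueError(f"unexpected reply to SSLRequest: {reply!r}")


def start_stub_server(answer):
    """Constructed loopback stand-in for a Postgres listener (serves one connection)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)

    def serve():
        conn, _ = listener.accept()
        with conn, listener:
            received = b""
            while len(received) < 8:
                chunk = conn.recv(8 - len(received))
                if not chunk:
                    return
                received += chunk
            if received == SSL_REQUEST:
                conn.sendall(answer)

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]


def demo():
    """Probe two constructed stubs: one that accepts TLS, one that refuses it."""
    return [server_offers_tls("127.0.0.1", start_stub_server(a)) for a in (b"S", b"N")]


if __name__ == "__main__":
    print(demo())
```

An `S` reply only shows that the server is willing to negotiate TLS. With a self-signed certificate, libpq's `sslmode=require` encrypts the connection without verifying the server, while `verify-ca` or `verify-full` with `sslrootcert` pointing at the copied-out certificate also authenticates it.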