fix: improving the docker-compose page suggesting to create the kong#5216
fix: improving the docker-compose page suggesting to create the kong#5216thesp0nge wants to merge 1 commit into
Conversation
user as a regular db user and not as database administrator. This enforces the least minimum privilege principle and it harden a bit the database suggested configuration.
✅ Deploy Preview for kongdeveloper ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
|
| ```bash | ||
| cat <<EOF > init-db.sql | ||
|
|
||
| CREATE USER kong WITH NOSUPERUSER NOCREATEDB NOCREATEROLE PASSWORD 'kong'; |
There was a problem hiding this comment.
Will the password for the 'kong' user remain in the sql script? Can the script be removed after the installation?
There was a problem hiding this comment.
The password for 'kong' user was first written in the docker compose file. I just moved in the init script because I want the 'kong' user to be created with a smaller subset of permissions.
The script is only used after the first docker compose up. In case the user will remove images, purging the volumes data, the script has to be present.
|
Possibly, this can be further improved by using multiple users with specific privileges: 1 for migrations, 1 for CP, 1 for DP... I got this from @bungle Can you two sync and create a backlog item with this idea? |
|
Let me know after you and @bungle sync so I can review the doc. |
4 participants
Improving the docker-compose page suggesting to create the kong user as a regular db user and not as database administrator. This enforces the least minimum privilege principle and it harden a bit the database suggested configuration.
Description
Fixes #issue
Preview Links
Checklist
descriptionentry in frontmatter.