# Postgre-TLS - Secure PostgreSQL Docker Setup with SSL/TLS

A secure PostgreSQL Docker container with enforced SSL/TLS encryption, certificate verification, and advanced security features.

## Docker Images

This project builds and publishes Docker images to the git.nixc.us registry:

- **Unstable**: `git.nixc.us/postgre-tls:unstable` (latest development)
- **Stable**: `git.nixc.us/postgre-tls:stable` (stable releases)

## Features

- **SSL/TLS Encryption**: TLSv1.3 with 256-bit AES-GCM encryption
- **Certificate Verification**: Full SSL certificate verification enabled
- **SCRAM-SHA-256 Authentication**: Secure password authentication
- **Row-Level Security**: Built-in support for fine-grained access control
- **Audit Logging**: Comprehensive audit trail for database operations
- **Data Integrity**: Checksums enabled for data corruption detection
- **Monitoring**: Built-in performance monitoring with pg_stat_statements
- **Encryption Functions**: pgcrypto extension for additional encryption capabilities

## Quick Start

1. **Start the PostgreSQL container**:

   ```bash
   ./start.sh
   ```

2. **Connect to the database**:

   ```bash
   ./connect.sh
   ```

3. **Stop the container**:

   ```bash
   docker-compose down
   ```

## SSL Connection Details

The setup provides enterprise-grade security with:

- **Encryption**: TLSv1.3 with TLS_AES_256_GCM_SHA384 cipher
- **Key Size**: 256-bit encryption
- **Certificate**: Self-signed with full verification
- **Authentication**: SCRAM-SHA-256 password hashing

## Manual Connection

You can also connect manually using psql:

```bash
psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca_crt"
```

For non-interactive connection, set the PGPASSWORD environment variable:

```bash
export PGPASSWORD=$(cat secrets/postgres_password || echo "change_me_in_production")
psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca_crt"
```

## Project Structure

```
Postgre-TLS/
├── docker-compose.yml   # Container configuration
├── Dockerfile           # Container image definition
├── start.sh             # Initialization and startup script
├── connect.sh           # SSL connection test script
├── postgresql.conf      # PostgreSQL configuration
├── USAGE.md             # Usage guide and commands
├── data/                # PostgreSQL data directory
├── secrets/             # SSL certificates and passwords
└── logs/                # Container logs
```
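
To confirm that a session opened with the Manual Connection string really negotiated the parameters listed under SSL Connection Details, the server can be asked through PostgreSQL's `pg_stat_ssl` view. The script below is an added example, not part of this project; the function names and sample rows are constructed for illustration, and it assumes `psql` is installed and `PGPASSWORD` is set for the live check.

```bash
#!/bin/sh
# Added example (not part of the project): check that a session negotiated
# the TLS parameters listed under "SSL Connection Details".
EXPECTED_VERSION="TLSv1.3"
EXPECTED_CIPHER="TLS_AES_256_GCM_SHA384"
EXPECTED_BITS="256"
# Connection string copied from the "Manual Connection" section.
CONNINFO="host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca_crt"

# Ask the server how the current backend's connection is protected.
# -A/-t make psql print one unaligned row: ssl|version|cipher|bits
query_tls_row() {
  psql -At -c "SELECT ssl, version, cipher, bits FROM pg_stat_ssl WHERE pid = pg_backend_pid();" "$CONNINFO"
}

# Validate one pg_stat_ssl row; prints a verdict, returns 0 only on a full match.
check_tls_row() {
  IFS='|' read -r tls_on tls_version tls_cipher tls_bits <<EOF
$1
EOF
  [ "$tls_on" = "t" ] || { echo "FAIL: session is not using SSL"; return 1; }
  [ "$tls_version" = "$EXPECTED_VERSION" ] || { echo "FAIL: protocol '$tls_version', expected $EXPECTED_VERSION"; return 1; }
  [ "$tls_cipher" = "$EXPECTED_CIPHER" ] || { echo "FAIL: cipher '$tls_cipher', expected $EXPECTED_CIPHER"; return 1; }
  [ "$tls_bits" = "$EXPECTED_BITS" ] || { echo "FAIL: $tls_bits-bit key, expected $EXPECTED_BITS"; return 1; }
  echo "OK: $tls_version $tls_cipher ($tls_bits bits)"
}

# Live check against the running container (needs psql and PGPASSWORD).
verify_session() {
  row=$(query_tls_row) || { echo "FAIL: could not connect"; return 1; }
  check_tls_row "$row"
}

# Constructed sample rows, so the checker can be exercised without a database.
SAMPLE_GOOD="t|TLSv1.3|TLS_AES_256_GCM_SHA384|256"
SAMPLE_PLAINTEXT="f|||"
SAMPLE_OLD_PROTOCOL="t|TLSv1.2|ECDHE-RSA-AES256-GCM-SHA384|256"

# Only touch the database when explicitly asked to.
if [ "${1:-}" = "--live" ]; then
  verify_session
fi
```

Run it with `--live` after `./start.sh`. `pg_stat_ssl` reports the protocol and cipher the server negotiated; verification of the server certificate is enforced on the client side by `sslmode=verify-full` in the connection string.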