# Postgre-TLS - Secure PostgreSQL Docker Setup with SSL/TLS

A secure PostgreSQL Docker container with enforced SSL/TLS encryption, certificate verification, and advanced security features.

## Features

- **SSL/TLS Encryption**: TLSv1.3 with 256-bit AES-GCM encryption
- **Certificate Verification**: Full SSL certificate verification enabled
- **SCRAM-SHA-256 Authentication**: Secure password authentication
- **Row-Level Security**: Built-in support for fine-grained access control
- **Audit Logging**: Comprehensive audit trail for database operations
- **Data Integrity**: Checksums enabled for data corruption detection
- **Monitoring**: Built-in performance monitoring with pg_stat_statements
- **Encryption Functions**: pgcrypto extension for additional encryption capabilities

## Quick Start

1. **Start the PostgreSQL container**:
   ```bash
   ./start.sh
   ```

2. **Connect to the database**:
   ```bash
   ./connect.sh
   ```

3. **Stop the container**:
   ```bash
   docker-compose down
   ```

## SSL Connection Details

The setup provides enterprise-grade security with:
- **Encryption**: TLSv1.3 with TLS_AES_256_GCM_SHA384 cipher
- **Key Size**: 256-bit encryption
- **Certificate**: Self-signed with full verification
- **Authentication**: SCRAM-SHA-256 password hashing

## Manual Connection

You can also connect manually using psql:
```bash
psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca_crt"
```

For non-interactive connection, set the PGPASSWORD environment variable:
```bash
export PGPASSWORD=$(cat secrets/postgres_password || echo "change_me_in_production")
psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca_crt"
```

## Project Structure

```
```