Skip to main content

PostgresQL

Create a read-only role

Snaplet connects to your PostgresQL database in order to create snapshots. We recommend that you give us read-only access to your database, and that you restrict connection to a specific set of IP addresses.

Never cry over split milk!

Connect to your database and run the following SQL statements. These creates a snaplet_readonly user with the password a very good password and gives them the snaplet_read_all_data role.

PostgresQL v14 includes a pg_read_all_data role. Run SELECT version() in PostgresQL to determine your version.

danger

Change the username and the password!

SELECT version();
-- Create a "snaplet_readonly" user and associate the "pg_read_all_data" role.
-- We give the user BYPASSRLS privileges in order to introspect the db structure.
CREATE USER snaplet_readonly WITH PASSWORD 'a very good password' BYPASSRLS;
GRANT pg_read_all_data TO snaplet_readonly;

Grant IP address access

Snaplet uses 3.67.57.100, 3.68.126.236 and 35.158.181.77 to connect to your database. It's a good idea to restrict all traffic to PostgresQL, and only grant access where it's absolutely required.

Self-Signed Certificates

To make Snaplet work with servers using self-signed certificates. Please add sslmode=require to the database connection string:

SNAPLET_DATABASE_URL='postgresql://<user>:<password>@<host>:<port>/<database>?sslmode=required&ssl=true&sslmode=require' snaplet snapshot restore

During the snapshot capture process, use NODE_TLS_REJECT_UNAUTHORIZED=0:

NODE_TLS_REJECT_UNAUTHORIZED=0 SNAPLET_DATABASE_URL='postgresql://<user>:<password>@<host>:<port>/<database>?sslmode=required&ssl=true&sslmode=require' snaplet snapshot capture

Example: