A hands-on hardening kit for **PostgreSQL** and **MySQL/MariaDB**: least-privilege roles, TLS and host-based authentication, audit logging, row-level security, column encryption, secrets management, a
Browse the actual product documentation and code examples included in this toolkit.
Key features of Database Security Hardening
• Backend engineers and DBAs standing up a new PostgreSQL/MySQL instance. • Teams preparing for a security review or SOC 2 / ISO 27001 control mapping. • Anyone who inherited a database where "the app connects as the superuser." • PostgreSQL 13–16 **or** MySQL 8.0/8.4 / MariaDB 10.6+. • Admin access (`postgres` superuser / MySQL `root@localhost`) for the one-time setup. • `openssl` on the machine running `check_tls.sh`.
Backend engineers and DBAs standing up a new PostgreSQL/MySQL instance.
Teams preparing for a security review or SOC 2 / ISO 27001 control mapping.
Anyone who inherited a database where "the app connects as the superuser."
PostgreSQL 13–16 **or** MySQL 8.0/8.4 / MariaDB 10.6+.
Admin access (`postgres` superuser / MySQL `root@localhost`) for the one-time setup.
`openssl` on the machine running `check_tls.sh`.
Configure Database Security Hardening parameters to see how the product works.
# see the auditor's output immediately, no database required:
python3 scripts/privilege_audit.py --demo
# then against your real export, failing CI on HIGH findings:
psql -h db01.example.com -U postgres -d app_db -At -F',' \
-f scripts/pg_privilege_audit.sql > inventory.csv
p