Setting up streaming replication security
Streaming replication is at least as secure as normal user connections to PostgreSQL.
Replication uses standard LibPQ connections, so we have all the normal mechanisms for authentication and SSL support, and all the firewall rules are similar.
Replication must be specifically enabled on both the sender and standby sides. Cascading replication does not require any additional security.
When performing a base backup, the pg_basebackup
, pg_receivewal
, and pg_recvlogical
 utilities will use the same type of LibPQ connections as a running, streaming standby. You can use other forms of base backup, such as rsync
, though you'll need to set up the security configuration manually.
Note
Standbys are identical copies of the primary, so all users exist on all nodes with identical passwords. All of the data is identical (eventually), and all the permissions are the same too. If you wish to control...