# Postgres
## Set up non-root user for container
We are providing a non-root user to the container to limit the attack surface for privilege escalations. In order for this to work in our setup, please make sure to check if you have a user called `postgres` set up. 

1. Check if user `postgres` exists and if the UID is 1002

```
cat /etc/passwd | grep postgres
```

In case the `postgres` user exists but the UID is not 1002, please adjust it via 
```
sudo usermod -u 1002 postgres
```

In case the `postgres` user doesn't exist at all, please create the user incl. the right UID by running
```
sudo useradd -u 1002 postgres
```

## About secrets
In order to manage secrets centrally in 1Password and due to the need for secrets in Postgres, using `docker compose` directly in the terminal does not work. 

## Bring up/tear down container
Please use the `start.sh` to spin up the container
### Prerequisites start.sh
- User executing the script is part of the `docker` group
- Env variable `OP_SERVICE_ACCOUNT_TOKEN` is set up \[check out top-level README.md for more information on how to set this up\]