Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status


postgres-hardening (3) Versions 1.1.0

Installs and configures a secure posgres server

cookbook 'postgres-hardening', '= 1.1.0', :supermarket
cookbook 'postgres-hardening', '= 1.1.0'
knife supermarket install postgres-hardening
knife supermarket download postgres-hardening
Quality 67%

postgres-hardening (Postgres cookbook)

Build Status
Code Coverage
Gitter Chat


Provides security configurations for postgres.

Note: This is currently work in progress and not tested on all supported platforms


  • chef


This cookbook is optimized to work with os-hardening and ssh-hardening. It will play well without, but you need to ensure all preconditions like apt-get update or yum update are met.

add the following to your runlist and customize security option attributes


You should also use the official postgres packages, because those offer the latest fixes. Enable the suitable option for the postgres cookbook.

"postgresql": {

   # debian, ubuntu
   "enable_pgdg_apt": true

   # rhel
   "enable_pgdg_yum": true


The hardening cookbook is only optimized for Postgresql 9.3. This can be activated for postgres cookbook.

"postgresql": {
   version: "9.3"

Enable SSL

Please read first.

This cookbook will delete the links from /var/lib/postgresql/#{node['postgresql']['version']}/main/server.crt to /etc/ssl/certs/ssl-cert-snakeoil.pem and /var/lib/postgresql/#{node['postgresql']['version']}/main/server.key to /etc/ssl/private/ssl-cert-snakeoil.key on Debian systems. This certificates are self-signed (see and therefore not trusted. You have to provide your own trusted certificates for SSL.

Security Options


# Install dependencies
gem install bundler
bundle install

# Do lint checks
bundle exec rake lint

# Fetch tests
bundle exec thor kitchen:fetch-remote-tests

# fast test on one machine
bundle exec kitchen test default-ubuntu-1204

# test on all machines
bundle exec kitchen test

# for development
bundle exec kitchen create default-ubuntu-1204
bundle exec kitchen converge default-ubuntu-1204

Contributors + Kudos

  • Edmund Haselwanter
  • Dominik Richter
  • Christoph Hartmann
  • Patrick Meier

License and Author

  • Author:: Deutsche Telekom AG

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

postgresql >= 3.4.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Change Log

v1.1.0 (2017-01-03)

Full Changelog

Closed issues:

  • Remove default self-generated ssl certificates #3

Merged pull requests:

v1.0.0 (2014-09-02)

Merged pull requests:

* This Change Log was automatically generated by github_changelog_generator

Collaborator Number Metric

1.1.0 passed this metric

Foodcritic Metric

1.1.0 passed this metric

License Metric

1.1.0 failed this metric

postgres-hardening does not have a valid open source license.
Acceptable licenses include Apache 2.0, apachev2, MIT, mit, GNU Public License 2.0, gplv2, GNU Public License 3.0, gplv3.