[Infrastructure] Backup: errors silently swallowed, unencrypted, only 7-day retention #416

@Flegma

Summary

Database backup system has reliability and security gaps.

Findings

  • postgres-backup-cronjob.yaml — multiple || true statements hide failures.
  • Same file — pg_dump without encryption, zip without password, S3 without SSE.
  • Same file — daily with 7 retained. No weekly/monthly tiers.

Impact

Backups can fail silently. Unencrypted if storage compromised. Only 7-day recovery window.

Suggested Fix

Remove || true from critical ops. Encrypt with GPG. Enable S3 SSE. Add tiered retention. Alert on failure.
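
One way the suggested fix could look as a shell step, added here as an example; it is not part of the issue or of the project's postgres-backup-cronjob.yaml. The environment variable names, the S3 key layout and the tier rule (1st of the month is monthly, Sunday is weekly) are assumptions.

```shell
#!/bin/sh
# Added example; not the project's postgres-backup-cronjob.yaml.
# Assumed (hypothetical) env vars: DATABASE_URL, GPG_RECIPIENT, BACKUP_BUCKET.

# Report and exit non-zero so the job run is marked failed and can be alerted on.
fail() { echo "backup failed: $*" >&2; exit 1; }

# Retention tier from day-of-month (01-31) and ISO weekday (1-7, 7 = Sunday).
backup_tier() {
  if [ "$1" = "01" ]; then echo monthly
  elif [ "$2" = "7" ]; then echo weekly
  else echo daily
  fi
}

# Body runs in a subshell, so exit in fail() ends only this function.
run_backup() (
  : "${DATABASE_URL:?}" "${GPG_RECIPIENT:?}" "${BACKUP_BUCKET:?}"
  umask 077
  work=$(mktemp -d) || fail "cannot create work dir"
  trap 'rm -rf "$work"' EXIT   # plaintext dump never outlives the run
  tier=$(backup_tier "$(date -u +%d)" "$(date -u +%u)")
  name="db-$(date -u +%Y-%m-%dT%H%M%SZ).dump"

  # No "|| true": each step must succeed before the next one starts.
  pg_dump --dbname="$DATABASE_URL" --format=custom --file="$work/$name" \
    || fail "pg_dump exited non-zero"
  [ -s "$work/$name" ] || fail "dump file is empty"

  # Encrypt to a public key we imported ourselves; the private key stays elsewhere.
  gpg --batch --yes --trust-model always --recipient "$GPG_RECIPIENT" \
      --output "$work/$name.gpg" --encrypt "$work/$name" \
    || fail "gpg encryption failed"

  # Server-side encryption on top; the tier prefix lets per-prefix expiry
  # (for example S3 lifecycle rules, not shown) keep weekly/monthly longer.
  aws s3 cp "$work/$name.gpg" "s3://$BACKUP_BUCKET/$tier/$name.gpg" \
      --sse aws:kms --only-show-errors \
    || fail "upload failed"
  echo "backup ok: $tier/$name.gpg"
)

# Run only when invoked as: sh backup.sh --run
[ "${1:-}" != "--run" ] || run_backup
```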

Labels: P1-high (Stability & reliability), audit-2026-03 (From March 2026 codebase audit), reliability (Reliability or availability concern), service:infrastructure (5stackgg/5stack-panel infrastructure)

    Status

    Backlog
