From 2a362fbd2e0a1a9fb4128cdb5a091199d7996077 Mon Sep 17 00:00:00 2001
From: Daniel Tschinder <231804+danez@users.noreply.github.com>
Date: Wed, 9 Jul 2025 13:12:32 +0200
Subject: [PATCH] Add doc to make Postgres only available local

---
 postgres_15/README.md |  9 +++++++++
 postgres_17/README.md | 11 +++++++++++
 2 files changed, 20 insertions(+)

diff --git a/postgres_15/README.md b/postgres_15/README.md
index 489d36db5..7a88120bd 100644
--- a/postgres_15/README.md
+++ b/postgres_15/README.md
@@ -58,6 +58,15 @@ The installation of this add-on is pretty straightforward and not different in c
 1. Check the logs of the add-on to see if everything went well.
 1. Use any Postgres client to connect, e.g. to `homeassistant.local:5432`
 
+## Security
+
+By default, Postgres will be reachable on the local network of your host system. To improve security, you can disable this behavior and make Postgres available only to other Add-ons within Home Assistant.
+
+1. Configure all Add-ons that use Postgres to connect via the internal DNS name: `db21ed7f-postgres:5432`.
+2. Go to **Settings → Add-ons → Postgres 15 → Configuration**, and under **Network**, remove port `5432` by clearing the text field.
+3. Click **Save** and restart the Add-on.
+4. Postgres is now only accessible from other Add-ons and no longer reachable from your local network (e.g., laptop, IoT devices, etc.).
+
 ## Support
 
 Create an issue on github
diff --git a/postgres_17/README.md b/postgres_17/README.md
index 26a2002f2..6fced5acc 100644
--- a/postgres_17/README.md
+++ b/postgres_17/README.md
@@ -66,6 +66,17 @@ Migration from postgres 15 :
 - use the Filebrowser addon to copy the database folder from /addon_configs/xxx-postgres to /addon_configs/xxx-postgres_latest
 - start the postgres 17 addon. Upgrade of the database should proceed. In case it doesn't, your data is anyway safe in the postgres 15 addon
 
+Sure! Here's the improved version in Markdown format for easy copy-pasting:
+
+## Security
+
+By default, Postgres will be reachable on the local network of your host system. To improve security, you can disable this behavior and make Postgres available only to other Add-ons within Home Assistant.
+
+1. Configure all Add-ons that use Postgres to connect via the internal DNS name: `db21ed7f-postgres-latest:5432`.
+2. Go to **Settings → Add-ons → Postgres 17 → Configuration**, and under **Network**, remove port `5432` by clearing the text field.
+3. Click **Save** and restart the Add-on.
+4. Postgres is now only accessible from other Add-ons and no longer reachable from your local network (e.g., laptop, IoT devices, etc.).
+
 ## Support
 
 Create an issue on github