From 7710c187618affdc018b17ccbf8369cc98d536eb Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Thu, 10 Apr 2025 08:52:25 +0000
Subject: [PATCH] Check both HTTP and PostgreSQL authentication in safekeeper

Co-Authored-By: John Spray <john@neon.tech>
---
 safekeeper/src/bin/safekeeper.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/safekeeper/src/bin/safekeeper.rs b/safekeeper/src/bin/safekeeper.rs
index aefcdd5183..39b6ebd0b7 100644
--- a/safekeeper/src/bin/safekeeper.rs
+++ b/safekeeper/src/bin/safekeeper.rs
@@ -348,8 +348,9 @@ async fn main() -> anyhow::Result<()> {
 
     if !args.dev {
         let http_auth_enabled = args.http_auth_public_key_path.is_some();
-        if !http_auth_enabled {
-            bail!("Safekeeper refuses to start with HTTP API authentication disabled.\n\
+        let pg_auth_enabled = args.pg_auth_public_key_path.is_some();
+        if !http_auth_enabled || !pg_auth_enabled {
+            bail!("Safekeeper refuses to start with HTTP or PostgreSQL API authentication disabled.\n\
                   Run with --dev to allow running without authentication.\n\
                   This is insecure and should only be used in development environments.");
         }