diff --git a/doc/BackupAndRestore.md b/doc/BackupAndRestore.md new file mode 100644 index 0000000..b15d4a1 --- /dev/null +++ b/doc/BackupAndRestore.md @@ -0,0 +1,41 @@ +# Backup Architecture details + +![](backup.svg) + +* we use restic to produce small & encrypted backups +* backup is scheduled at `schedule: "10 23 * * *"` +* Gitea stores files in `/data/gitea` and `/data/git/repositories`, these files are backed up. +* The postgres db is also backed up + +## Manual init the restic repository for the first time + +1. apply backup-and-restore pod: + `kubectl scale deployment backup-restore --replicas=1` +2. exec into pod and execute restore pod (press tab to get your exact pod name) + `kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh` +3. remove backup-and-restore pod: + `kubectl scale deployment backup-restore --replicas=0` + + +## Manual backup the restic repository for the first time + +1. apply backup-and-restore pod: + `kubectl scale deployment backup-restore --replicas=1` +2. exec into pod and execute restore pod (press tab to get your exact pod name) + `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh` +3. remove backup-and-restore pod: + `kubectl scale deployment backup-restore --replicas=0` + + +## Manual restore + +1. apply backup-and-restore pod: + `kubectl scale deployment backup-restore --replicas=1` +2. Scale down gitea deployment: + `kubectl scale deployment gitea --replicas=0` +3. exec into pod and execute restore pod (press tab to get your exact pod name) + `kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh` +4. Start gitea again: + `kubectl scale deployment gitea --replicas=1` +5. remove backup-and-restore pod: + `kubectl scale deployment backup-restore --replicas=0` diff --git a/infrastructure/docker-backup/image/Dockerfile b/infrastructure/docker-backup/image/Dockerfile index 9b6d4f0..02f5ca9 100644 --- a/infrastructure/docker-backup/image/Dockerfile +++ b/infrastructure/docker-backup/image/Dockerfile 
@@ -1,4 +1,4 @@
-FROM domaindrivenarchitecture/dda-backup:1.0.5
+FROM domaindrivenarchitecture/dda-backup:1.0.6
 # Prepare Entrypoint Script
 ADD resources /tmp
diff --git a/infrastructure/docker-backup/image/resources/backup.sh b/infrastructure/docker-backup/image/resources/backup.sh
index 9bdbde1..d2549fd 100755
--- a/infrastructure/docker-backup/image/resources/backup.sh
+++ b/infrastructure/docker-backup/image/resources/backup.sh
@@ -8,7 +8,6 @@ function main() {
 file_env RESTIC_DAYS_TO_KEEP 30
 file_env RESTIC_MONTHS_TO_KEEP 12
- #backup-roles 'TODO'
 backup-db-dump
 backup-fs-from-directory '/var/backups/' 'gitea/' 'git/repositories/'
 }
diff --git a/infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh b/infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh
index 0915071..c6addac 100644
--- a/infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh
+++ b/infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 function main() {
+ create-pg-pass
 while true; do
 sleep 1m
@@ -8,4 +9,5 @@ function main() {
 }
 source /usr/local/lib/functions.sh
+source /usr/local/lib/pg-functions.sh
 main
\ No newline at end of file
diff --git a/infrastructure/docker-backup/image/resources/entrypoint.sh b/infrastructure/docker-backup/image/resources/entrypoint.sh
index b25e15f..96df4f3 100755
--- a/infrastructure/docker-backup/image/resources/entrypoint.sh
+++ b/infrastructure/docker-backup/image/resources/entrypoint.sh
@@ -1,9 +1,11 @@
 #!/bin/bash
 function main() {
-
+ create-pg-pass
+ /usr/local/bin/backup.sh
 }
 source /usr/local/lib/functions.sh
+source /usr/local/lib/pg-functions.sh
 main
diff --git a/infrastructure/docker-backup/image/resources/init.sh b/infrastructure/docker-backup/image/resources/init.sh
index 322b35d..1f47fa5 100755
--- a/infrastructure/docker-backup/image/resources/init.sh
+++ b/infrastructure/docker-backup/image/resources/init.sh
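Review bot: `create-pg-pass` is added to main() with its exit status ignored, and neither entrypoint-start-and-wait.sh nor the entrypoint.sh hunk below shows a `set -e`, so if it fails (a missing POSTGRES_PASSWORD, an unwritable home directory) the wait pod keeps running as if ready and entrypoint.sh still goes on to `/usr/local/bin/backup.sh` without database credentials; unless functions.sh enables errexit, guard it in both scripts, `create-pg-pass || { echo 'create-pg-pass failed' >&2; exit 1; }`. The enclosing main() of entrypoint-start-and-wait.sh ends outside the first hunk. What create-pg-pass writes is not in this diff — presumably a .pgpass built from the POSTGRES_* variables the deployment now injects — so a short comment above the call, such as `# build the libpq password file from POSTGRES_* (pg-functions.sh) before anything talks to the db — confirm`, would save the next reader a trip into the base image. The manifest that runs entrypoint.sh on the `10 23 * * *` schedule is not part of this diff either; it needs the same POSTGRES_* and CERTIFICATE_FILE variables as the deployment or the nightly dump will fail the same way.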
@@ -4,11 +4,11 @@ function main() {
 file_env AWS_ACCESS_KEY_ID
 file_env AWS_SECRET_ACCESS_KEY
- init-role-repo
 init-database-repo
 init-file-repo
 }
 source /usr/local/lib/functions.sh
+source /usr/local/lib/pg-functions.sh
 source /usr/local/lib/file-functions.sh
 main
diff --git a/infrastructure/docker-backup/image/resources/restic-snapshots.sh b/infrastructure/docker-backup/image/resources/restic-snapshots.sh
index ca889ce..1d97a2c 100755
--- a/infrastructure/docker-backup/image/resources/restic-snapshots.sh
+++ b/infrastructure/docker-backup/image/resources/restic-snapshots.sh
@@ -7,6 +7,7 @@ function main() {
 file_env AWS_SECRET_ACCESS_KEY
 restic -r ${RESTIC_REPOSITORY}/files snapshots
+ restic -r ${RESTIC_REPOSITORY}/pg-database snapshots
 }
 source /usr/local/lib/functions.sh
diff --git a/infrastructure/docker-backup/image/resources/restore.sh b/infrastructure/docker-backup/image/resources/restore.sh
index b56b97d..2289ab2 100755
--- a/infrastructure/docker-backup/image/resources/restore.sh
+++ b/infrastructure/docker-backup/image/resources/restore.sh
@@ -15,20 +15,19 @@ function main() {
 rm -rf /var/backups/restore
 restore-directory '/var/backups/restore'
- rm -rf /data/gitea/*
- rm -rf /data/git/repositories/*
- cp /var/backups/restore/gitea/* /data/gitea/
- cp /var/backups/restore/git/repositories/* /data/git/repositories/
+ rm -rf /var/backups/gitea/*
+ rm -rf /var/backups/git/repositories/*
+ cp -r /var/backups/restore/gitea/* /var/backups/gitea/
+ cp -r /var/backups/restore/git/repositories/* /var/backups/git/repositories/
- # adjust file permissions
- chown -R git:git /data
+ # adjust file permissions for the git user
+ chown -R 1000:1000 /var/backups
- # Regenerate Git Hooks
- /usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
+ # TODO: Regenerate Git Hooks? Do we need this?
+ #/usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
 # Restore db
 drop-create-db
- #restore-roles
 restore-db
 }
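Review bot: The added `restic -r ${RESTIC_REPOSITORY}/pg-database snapshots` expands the repository unquoted, like the files line above it; `restic -r "${RESTIC_REPOSITORY}/pg-database" snapshots` keeps a URL containing spaces or glob characters as one argument (ShellCheck SC2086), and the existing line deserves the same quoting. The `pg-database` sub-path is a naming convention that has to agree with whatever `init-database-repo` and `backup-db-dump` use — presumably in pg-functions.sh from the base image, which is not in this diff — so a comment such as `# sub-repo names must match init-database-repo / backup-db-dump` above the two restic calls would make that coupling visible. main() starts before this hunk.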
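Review bot: `rm -rf /var/backups/gitea/*` and the repositories line below it wipe the live data volume before anything checks that `restore-directory '/var/backups/restore'` succeeded, so a restic failure (wrong password, unreachable repository, empty snapshot) leaves an empty /var/backups; unless restore.sh sets `set -e` above this hunk — main() starts before it — guard the call, `restore-directory '/var/backups/restore' || exit 1`. `cp -r /var/backups/restore/gitea/* /var/backups/gitea/` also skips dot-entries in the restored tree and does not preserve timestamps; `cp -a /var/backups/restore/gitea/. /var/backups/gitea/` copies the whole tree including hidden entries, and the same applies to the repositories line. `chown -R 1000:1000 /var/backups` replaces the named `git:git` with a numeric id that is presumably the git user's uid in the gitea image; a comment tying it to that, `# 1000:1000: uid/gid of the git user in the gitea image — keep in sync with that image`, would explain why the number is hard-coded. Commenting out the hooks regeneration with a TODO leaves restored repositories with whatever hooks the snapshot contained; if those hooks reference a gitea path that differs from the running instance, pushes to restored repositories will fail, so the question is worth settling before this ships.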
diff --git a/src/main/resources/backup/backup-restore-deployment.yaml b/src/main/resources/backup/backup-restore-deployment.yaml
index c74145b..79f4ec7 100644
--- a/src/main/resources/backup/backup-restore-deployment.yaml
+++ b/src/main/resources/backup/backup-restore-deployment.yaml
@@ -22,6 +22,27 @@ spec:
 imagePullPolicy: IfNotPresent
 command: ["/entrypoint-start-and-wait.sh"]
 env:
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: postgres-secret
+ key: postgres-user
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgres-secret
+ key: postgres-password
+ - name: POSTGRES_DB
+ valueFrom:
+ configMapKeyRef:
+ name: postgres-config
+ key: postgres-db
+ - name: POSTGRES_HOST
+ value: "postgresql-service:5432"
+ - name: POSTGRES_SERVICE
+ value: "postgresql-service"
+ - name: POSTGRES_PORT
+ value: "5432"
 - name: AWS_DEFAULT_REGION
 value: eu-central-1
 - name: AWS_ACCESS_KEY_ID_FILE
@@ -35,6 +56,8 @@ spec:
 key: restic-repository
 - name: RESTIC_PASSWORD_FILE
 value: /var/run/secrets/backup-secrets/restic-password
+ - name: CERTIFICATE_FILE
+ value: ""
 volumeMounts:
 - name: gitea-data-volume
 mountPath: /var/backups
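Review bot: `POSTGRES_HOST` is set to `"postgresql-service:5432"` while `POSTGRES_SERVICE` and `POSTGRES_PORT` carry the same two values separately, so the endpoint is encoded three times in one env list and a change to one will silently drift from the others; if the base image's pg-functions read all three, a comment saying so (`# HOST must equal SERVICE:PORT — all three are read by pg-functions.sh`) should sit above them, otherwise the redundant ones should go. The database password arrives as a plain `POSTGRES_PASSWORD` environment variable, whereas every other secret in this container (`AWS_ACCESS_KEY_ID_FILE`, `RESTIC_PASSWORD_FILE`) is delivered as a mounted file read through file_env; an env-var secret is visible to every process in the container and in `kubectl exec … env`, so if pg-functions supports a `_FILE` variant, mounting postgres-secret the same way would keep a single convention. `CERTIFICATE_FILE` set to `""` in the second hunk presumably means "no CA, plain in-cluster TCP to postgresql-service"; that should be stated in a YAML comment next to it, `# empty: no TLS CA for the in-cluster postgres connection — confirm pg-functions treats "" as disabled`, so nobody later assumes the dump travels encrypted.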