diff --git a/amazon.json b/amazon.json
index e164bdf57..9fe177a50 100644
--- a/amazon.json
+++ b/amazon.json
@@ -3,6 +3,7 @@
 "aws_access_key": "",
 "aws_secret_key": "",
 "region": "",
+ "ami": "",
 "name": ""
 },
 "builders": [{
@@ -10,14 +11,12 @@
 "access_key": "{{user `aws_access_key`}}",
 "secret_key": "{{user `aws_secret_key`}}",
 "region": "{{user `region`}}",
- "source_ami": "ami-0f7719e8b7ba25c61",
- "instance_type": "t2.micro",
+ "source_ami": "{{user `ami`}}",
+ "instance_type": "t2.large",
 "ssh_username": "ubuntu",
 "ami_name": "{{user `name`}}",
 "launch_block_device_mappings": [{
 "device_name": "/dev/sda1",
- "encrypted": true,
- "kms_key_id": "44e7e739-21f1-4678-829e-d1ac63d121b4",
 "iops": 400,
 "volume_type": "io1",
 "volume_size": 8,
@@ -35,6 +34,7 @@
 "type": "shell",
 "scripts": [
 "scripts/01-test",
+ "scripts/02-credentials_cleanup.sh",
 "scripts/90-cleanup.sh",
 "scripts/91-log_cleanup.sh",
 "scripts/99-img_check.sh"
diff --git a/ansible/files/ACCC4CF8.asc b/ansible/files/ACCC4CF8.asc
deleted file mode 100644
index 8480576ec..000000000
--- a/ansible/files/ACCC4CF8.asc
+++ /dev/null
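Review bot: Dropping `"encrypted": true` and `"kms_key_id"` from the `/dev/sda1` mapping means the AMI is now produced from an unencrypted root volume, and every instance launched from it — including the database files it will hold — inherits that. If the intent was only to stop hard-coding an account-specific key ID, keep encryption on and move the key into a user variable like the new `ami` one: `"encrypted": true,` and `"kms_key_id": "{{user `kms_key_id`}}",` (with `encrypted` set and no key given, Packer should fall back to the account's default EBS key — worth confirming for the Packer version in use). The `t2.micro` → `t2.large` change only affects the build instance, not the resulting image, so it does not offset this.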
@@ -1,77 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBE6XR8IBEACVdDKT2HEH1IyHzXkb4nIWAY7echjRxo7MTcj4vbXAyBKOfjja -UrBEJWHN6fjKJXOYWXHLIYg0hOGeW9qcSiaa1/rYIbOzjfGfhE4x0Y+NJHS1db0V -G6GUj3qXaeyqIJGS2z7m0Thy4Lgr/LpZlZ78Nf1fliSzBlMo1sV7PpP/7zUO+aA4 -bKa8Rio3weMXQOZgclzgeSdqtwKnyKTQdXY5MkH1QXyFIk1nTfWwyqpJjHlgtwMi -c2cxjqG5nnV9rIYlTTjYG6RBglq0SmzF/raBnF4Lwjxq4qRqvRllBXdFu5+2pMfC -IZ10HPRdqDCTN60DUix+BTzBUT30NzaLhZbOMT5RvQtvTVgWpeIn20i2NrPWNCUh -hj490dKDLpK/v+A5/i8zPvN4c6MkDHi1FZfaoz3863dylUBR3Ip26oM0hHXf4/2U -A/oA4pCl2W0hc4aNtozjKHkVjRx5Q8/hVYu+39csFWxo6YSB/KgIEw+0W8DiTII3 -RQj/OlD68ZDmGLyQPiJvaEtY9fDrcSpI0Esm0i4sjkNbuuh0Cvwwwqo5EF1zfkVj -Tqz2REYQGMJGc5LUbIpk5sMHo1HWV038TWxlDRwtOdzw08zQA6BeWe9FOokRPeR2 -AqhyaJJwOZJodKZ76S+LDwFkTLzEKnYPCzkoRwLrEdNt1M7wQBThnC5z6wARAQAB -tBxQb3N0Z3JlU1FMIERlYmlhbiBSZXBvc2l0b3J5iQJOBBMBCAA4AhsDBQsJCAcD -BRUKCQgLBRYCAwEAAh4BAheAFiEEuXsK/KoaR/BE8kSgf8x9RqzMTPgFAlhtCD8A -CgkQf8x9RqzMTPgECxAAk8uL+dwveTv6eH21tIHcltt8U3Ofajdo+D/ayO53LiYO -xi27kdHD0zvFMUWXLGxQtWyeqqDRvDagfWglHucIcaLxoxNwL8+e+9hVFIEskQAY -kVToBCKMXTQDLarz8/J030Pmcv3ihbwB+jhnykMuyyNmht4kq0CNgnlcMCdVz0d3 -z/09puryIHJrD+A8y3TD4RM74snQuwc9u5bsckvRtRJKbP3GX5JaFZAqUyZNRJRJ -Tn2OQRBhCpxhlZ2afkAPFIq2aVnEt/Ie6tmeRCzsW3lOxEH2K7MQSfSu/kRz7ELf -Cz3NJHj7rMzC+76Rhsas60t9CjmvMuGONEpctijDWONLCuch3Pdj6XpC+MVxpgBy -2VUdkunb48YhXNW0jgFGM/BFRj+dMQOUbY8PjJjsmVV0joDruWATQG/M4C7O8iU0 -B7o6yVv4m8LDEN9CiR6r7H17m4xZseT3f+0QpMe7iQjz6XxTUFRQxXqzmNnloA1T -7VjwPqIIzkj/u0V8nICG/ktLzp1OsCFatWXh7LbU+hwYl6gsFH/mFDqVxJ3+DKQi -vyf1NatzEwl62foVjGUSpvh3ymtmtUQ4JUkNDsXiRBWczaiGSuzD9Qi0ONdkAX3b -ewqmN4TfE+XIpCPxxHXwGq9Rv1IFjOdCX0iG436GHyTLC1tTUIKF5xV4Y0+cXIOI -RgQQEQgABgUCTpdI7gAKCRDFr3dKWFELWqaPAKD1TtT5c3sZz92Fj97KYmqbNQZP -+ACfSC6+hfvlj4GxmUjp1aepoVTo3weJAhwEEAEIAAYFAk6XSQsACgkQTFprqxLS -p64F8Q//cCcutwrH50UoRFejg0EIZav6LUKejC6kpLeubbEtuaIH3r2zMblPGc4i -+eMQKo/PqyQrceRXeNNlqO6/exHozYi2meudxa6IudhwJIOn1MQykJbNMSC2sGUp -1W5M1N5EYgt4hy+qhlfnD66LR4G+9t5FscTJSy84SdiOuqgCOpQmPkVRm1HX5X1+ 
-dmnzMOCk5LHHQuiacV0qeGO7JcBCVEIDr+uhU1H2u5GPFNHm5u15n25tOxVivb94 -xg6NDjouECBH7cCVuW79YcExH/0X3/9G45rjdHlKPH1OIUJiiX47OTxdG3dAbB4Q -fnViRJhjehFscFvYWSqXo3pgWqUsEvv9qJac2ZEMSz9x2mj0ekWxuM6/hGWxJdB+ -+985rIelPmc7VRAXOjIxWknrXnPCZAMlPlDLu6+vZ5BhFX0Be3y38f7GNCxFkJzl -hWZ4Cj3WojMj+0DaC1eKTj3rJ7OJlt9S9xnO7OOPEUTGyzgNIDAyCiu8F4huLPaT -ape6RupxOMHZeoCVlqx3ouWctelB2oNXcxxiQ/8y+21aHfD4n/CiIFwDvIQjl7dg -mT3u5Lr6yxuosR3QJx1P6rP5ZrDTP9khT30t+HZCbvs5Pq+v/9m6XDmi+NlU7Zuh -Ehy97tL3uBDgoL4b/5BpFL5U9nruPlQzGq1P9jj40dxAaDAX/WKJAj0EEwEIACcC -GwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlB5KywFCQPDFt8ACgkQf8x9RqzM -TPhuCQ//QAjRSAOCQ02qmUAikT+mTB6baOAakkYq6uHbEO7qPZkv4E/M+HPIJ4wd -nBNeSQjfvdNcZBA/x0hr5EMcBneKKPDj4hJ0panOIRQmNSTThQw9OU351gm3YQct -AMPRUu1fTJAL/AuZUQf9ESmhyVtWNlH/56HBfYjE4iVeaRkkNLJyX3vkWdJSMwC/ -LO3Lw/0M3R8itDsm74F8w4xOdSQ52nSRFRh7PunFtREl+QzQ3EA/WB4AIj3VohIG -kWDfPFCzV3cyZQiEnjAe9gG5pHsXHUWQsDFZ12t784JgkGyO5wT26pzTiuApWM3k -/9V+o3HJSgH5hn7wuTi3TelEFwP1fNzI5iUUtZdtxbFOfWMnZAypEhaLmXNkg4zD -kH44r0ss9fR0DAgUav1a25UnbOn4PgIEQy2fgHKHwRpCy20d6oCSlmgyWsR40EPP -YvtGq49A2aK6ibXmdvvFT+Ts8Z+q2SkFpoYFX20mR2nsF0fbt1lfH65P64dukxeR -GteWIeNakDD40bAAOH8+OaoTGVBJ2ACJfLVNM53PEoftavAwUYMrR910qvwYfd/4 -6rh46g1Frr9SFMKYE9uvIJIgDsQB3QBp71houU4H55M5GD8XURYs+bfiQpJG1p7e -B8e5jZx1SagNWc4XwL2FzQ9svrkbg1Y+359buUiP7T6QXX2zY++JAj0EEwEIACcC -GwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlEqbZUFCQg2wEEACgkQf8x9RqzM -TPhFMQ//WxAfKMdpSIA9oIC/yPD/dJpY/+DyouOljpE6MucMy/ArBECjFTBwi/j9 -NYM4ynAk34IkhuNexc1i9/05f5RM6+riLCLgAOsADDbHD4miZzoSxiVr6GQ3YXMb -OGld9kV9Sy6mGNjcUov7iFcf5Hy5w3AjPfKuR9zXswyfzIU1YXObiiZT38l55pp/ -BSgvGVQsvbNjsff5CbEKXS7q3xW+WzN0QWF6YsfNVhFjRGj8hKtHvwKcA02wwjLe -LXVTm6915ZUKhZXUFc0vM4Pj4EgNswH8Ojw9AJaKWJIZmLyW+aP+wpu6YwVCicxB -Y59CzBO2pPJDfKFQzUtrErk9irXeuCCLesDyirxJhv8o0JAvmnMAKOLhNFUrSQ2m -+3EnF7zhfz70gHW+EG8X8mL/EN3/dUM09j6TVrjtw43RLxBzwMDeariFF9yC+5bL -tnGgxjsB9Ik6GV5v34/NEEGf1qBiAzFmDVFRZlrNDkq6gmpvGnA5hUWNr+y0i01L -jGyaLSWHYjgw2UEQOqcUtTFK9MNzbZze4mVaHMEz9/aMfX25R6qbiNqCChveIm8m 
-Yr5Ds2zdZx+G5bAKdzX7nx2IUAxFQJEE94VLSp3npAaTWv3sHr7dR8tSyUJ9poDw
-gw4W9BIcnAM7zvFYbLF5FNggg/26njHCCN70sHt8zGxKQINMc6SJAj0EEwEIACcC
-GwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlLpFRkFCQ6EJy0ACgkQf8x9RqzM
-TPjOZA//Zp0e25pcvle7cLc0YuFr9pBv2JIkLzPm83nkcwKmxaWayUIG4Sv6pH6h
-m8+S/CHQij/yFCX+o3ngMw2J9HBUvafZ4bnbI0RGJ70GsAwraQ0VlkIfg7GUw3Tz
-voGYO42rZTru9S0K/6nFP6D1HUu+U+AsJONLeb6oypQgInfXQExPZyliUnHdipei
-4WR1YFW6sjSkZT/5C3J1wkAvPl5lvOVthI9Zs6bZlJLZwusKxU0UM4Btgu1Sf3nn
-JcHmzisixwS9PMHE+AgPWIGSec/N27a0KmTTvImV6K6nEjXJey0K2+EYJuIBsYUN
-orOGBwDFIhfRk9qGlpgt0KRyguV+AP5qvgry95IrYtrOuE7307SidEbSnvO5ezNe
-mE7gT9Z1tM7IMPfmoKph4BfpNoH7aXiQh1Wo+ChdP92hZUtQrY2Nm13cmkxYjQ4Z
-gMWfYMC+DA/GooSgZM5i6hYqyyfAuUD9kwRN6BqTbuAUAp+hCWYeN4D88sLYpFh3
-paDYNKJ+Gf7Yyi6gThcV956RUFDH3ys5Dk0vDL9NiWwdebWfRFbzoRM3dyGP889a
-OyLzS3mh6nHzZrNGhW73kslSQek8tjKrB+56hXOnb4HaElTZGDvD5wmrrhN94kby
-Gtz3cydIohvNO9d90+29h0eGEDYti7j7maHkBKUAwlcPvMg5m3Y=
-=DA1T
------END PGP PUBLIC KEY BLOCK-----
diff --git a/ansible/files/apt_periodic b/ansible/files/apt_periodic
new file mode 100644
index 000000000..75870203d
--- /dev/null
+++ b/ansible/files/apt_periodic
@@ -0,0 +1,4 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";
\ No newline at end of file
diff --git a/ansible/files/kong.conf.j2 b/ansible/files/kong.conf.j2
deleted file mode 100644
index 1c97388f2..000000000
--- a/ansible/files/kong.conf.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-database = off
-declarative_config = /etc/kong/kong.yml
-
-# plugins defined in the dockerfile
-plugins = request-transformer,cors,key-auth
-
-proxy_listen = 0.0.0.0:80 reuseport backlog=16384, 0.0.0.0:443 http2 ssl reuseport backlog=16834
diff --git a/ansible/files/kong.service.j2 b/ansible/files/kong.service.j2
deleted file mode 100644
index a4b08c55e..000000000
--- a/ansible/files/kong.service.j2
+++ /dev/null
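Review bot: `APT::Periodic::Unattended-Upgrade "1"` only schedules the run; which origins actually get upgraded is decided by `/etc/apt/apt.conf.d/50unattended-upgrades`, which this change does not touch, so on Ubuntu the default is security updates only — say so in a comment at the top of the file, e.g. `// Which origins are upgraded is governed by 50unattended-upgrades (default: security pocket only).` For a database image, decide whether an unattended `postgresql-12` upgrade (which restarts the server) is acceptable, and if not add it to `Unattended-Upgrade::Package-Blacklist` in that file. This file is installed as `10periodic`, so any later-sorted file in `apt.conf.d` (Ubuntu ships `20auto-upgrades` with the `unattended-upgrades` package) overrides these keys; that is harmless today because the values agree, but worth noting. The file is also missing its trailing newline.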
@@ -1,20 +0,0 @@
-[Unit]
-Description=Kong server
-After=supabase.service postgrest.service
-Requires=supabase.service postgrest.service
-
-[Service]
-Type=forking
-ExecStart=/usr/local/bin/kong start -c /etc/kong/kong.conf
-ExecStop=/usr/local/bin/kong stop
-Restart=always
-User=kong
-Slice=services.slice
-
-# The kong user is unpriviledged and thus not permited to bind on ports < 1024
-# Via systemd we grant the process a set of priviledges to bind to 80/443
-# See http://archive.vn/36zJU
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-
-[Install]
-WantedBy=multi-user.target
diff --git a/ansible/files/postgresql.service.j2 b/ansible/files/postgresql.service.j2
deleted file mode 100644
index d1b8e5f0a..000000000
--- a/ansible/files/postgresql.service.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-# This is an additive override for the service files generated by the postgresql
-# installation. Systemd will pick this directive up and append it to the default
-# service definitions /lib/systemd/system/postgresql*
-[Service]
-Slice=slices.service
diff --git a/ansible/files/postgrest.service.j2 b/ansible/files/postgrest.service.j2
deleted file mode 100644
index edbed4e16..000000000
--- a/ansible/files/postgrest.service.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=PostgREST
-{% if install_postgresql|bool %}
-Requires=postgresql.service
-After=postgresql.service
-{% endif %}
-
-[Service]
-Type=simple
-ExecStart=/opt/postgrest /etc/postgrest.conf
-Restart=always
-User=postgrest
-
-Slice=services.slice
-
-[Install]
-WantedBy=multi-user.target
diff --git a/ansible/files/supabase.service.j2 b/ansible/files/supabase.service.j2
deleted file mode 100644
index c17d6163b..000000000
--- a/ansible/files/supabase.service.j2
+++ /dev/null
@@ -1,24 +0,0 @@
-[Unit]
-Description=Supabase Realtime server
-{% if install_postgresql|bool %}
-Requires=postgresql.service
-After=postgresql.service
-{% endif %}
-
-[Service]
-Type=simple
-ExecStart=/opt/supabase/server/_build/prod/rel/realtime/bin/realtime start
-Restart=always
-
-# User for the build, and service
-User=supabase
-EnvironmentFile=/etc/supabase.env
-
-# Not specified in the supabase server docs but startup will fail if the HOME environmental
-# variable is not set.
-Environment="HOME=/home/supabase"
-
-Slice=services.slice
-
-[Install]
-WantedBy=multi-user.target
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
index 0923face1..209426605 100644
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -29,14 +29,12 @@
 file:
 path: /tmp/00-schema.sql
 state: absent
 
-
- - name: Set up password for superadmin postgres
- become: yes
- become_user: postgres
- postgresql_user:
- name: postgres
- password: "{{ postgres_superadmin_password }}"
+ - name: Adjust APT update intervals
+ copy:
+ src: files/apt_periodic
+ dest: /etc/apt/apt.conf.d/10periodic
+
 - name: UFW - Allow SSH connections
 ufw:
 rule: allow
diff --git a/ansible/tasks/setup-extensions.yml b/ansible/tasks/setup-extensions.yml
index 09314b1c1..5b1ac56f2 100644
--- a/ansible/tasks/setup-extensions.yml
+++ b/ansible/tasks/setup-extensions.yml
@@ -43,6 +43,37 @@
 update_cache: yes
 cache_valid_time: 3600
 
+- name: pgAudit - download & install dependencies
+ apt:
+ pkg:
+ - postgresql-server-dev-12
+ - libssl-dev
+ - libkrb5-dev
+ update_cache: yes
+ install_recommends: no
+
+- name: pgAudit - download latest release
+ git:
+ repo: https://github.com/pgaudit/pgaudit.git
+ dest: /tmp/pgaudit
+ become: yes
+
+- name: pgAudit - build
+ make:
+ chdir: /tmp/pgaudit
+ target: check
+ params:
+ USE_PGXS: 1
+ become: yes
+
+- name: pgAudit - install
+ make:
+ chdir: /tmp/pgaudit
+ target: install
+ params:
+ USE_PGXS: 1
+ become: yes
+
 - name: plv8 - download & install dependencies
 apt:
 pkg:
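Review bot: With the `Set up password for superadmin postgres` task removed, nothing in this diff sets a password for the `postgres` superuser any more, while `ansible/vars.yml` still opens `host all all 0.0.0.0/0 md5`; a role with no password cannot authenticate over md5, which is presumably the intent, but it should be stated in a comment where the task used to be (e.g. `# The postgres superuser deliberately has no password; set one per-deployment, never in vars.yml`) so operators do not go looking for the old variable. The new `Adjust APT update intervals` task is added verbatim a second time in `ansible/tasks/setup-system.yml` in this same change — keep one copy. Consider `mode: "0644"` on the `copy` so the file's permissions do not depend on the controller's umask.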
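Review bot: The `pgAudit - download latest release` task clones `https://github.com/pgaudit/pgaudit.git` with no `version:`, so each image build compiles whatever the default branch holds at that moment — unreproducible, unverifiable, and pgaudit's default branch tracks the newest PostgreSQL, which may not build against `postgresql-server-dev-12` at all. Pin it with `version: "1.4.0"` (the 1.4.x series is the PostgreSQL 12 line — confirm against the project's compatibility table) or a full commit hash, which gives the build a checkable input the way `pgtap_release_checksum` already does for pgTAP. `/tmp/pgaudit` is also left on the image after `make install`; add a `file: path: /tmp/pgaudit state: absent` task, and note in a comment that the library still needs `CREATE EXTENSION pgaudit` and a `pgaudit.log` setting before anything is audited.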
@@ -50,7 +81,6 @@
 - ca-certificates
 - curl
 - git-core
- - python
 - gpp
 - cpp
 - pkg-config
diff --git a/ansible/tasks/setup-system.yml b/ansible/tasks/setup-system.yml
index 018f92297..3661710a1 100644
--- a/ansible/tasks/setup-system.yml
+++ b/ansible/tasks/setup-system.yml
@@ -4,15 +4,30 @@
 apt: update_cache=yes upgrade=yes
 # SEE http://archive.vn/DKJjs#parameter-upgrade
 
+- name: add universe repository for bionic
+ apt_repository:
+ repo: deb http://archive.ubuntu.com/ubuntu bionic universe
+ state: present
+
 - name: Install essentials
 apt:
 pkg:
 - ufw
+ - fail2ban
+ - unattended-upgrades
+ - python3
+ - python3-pip
 update_cache: yes
 cache_valid_time: 3600
 
+- name: Adjust APT update intervals
+ copy:
+ src: files/apt_periodic
+ dest: /etc/apt/apt.conf.d/10periodic
+
 - name: Install psycopg2 to enable ansible postgreSQL features
- pip: name=psycopg2-binary
+ pip:
+ name: psycopg2-binary
 
 - name: System - Create services.slice
 template:
diff --git a/ansible/vars.yml b/ansible/vars.yml
index 014a822f3..f62d78a7e 100644
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -11,12 +11,16 @@ postgresql_ext_install_dev_headers: yes
 # Warning: Make sure the postgresql & postgis versions are compatible with one another
 postgresql_ext_postgis_version: 3
 
-postgresql_shared_preload_libraries: [pg_stat_statements]
+postgresql_shared_preload_libraries: [pg_stat_statements, pgaudit]
 
 postgresql_pg_hba_custom:
 - {type: "host", database: "all", user: "all", address: "0.0.0.0/0", method: "md5" }
 
-postgres_superadmin_password: "a1b2c3d4e5f6g7"
-
 pgtap_release: v1.1.0
-pgtap_release_checksum: sha1:cca57708e723de18735a723b774577dc52f6f31e
\ No newline at end of file
+pgtap_release_checksum: sha1:cca57708e723de18735a723b774577dc52f6f31e
+
+postgresql_log_destination: "csvlog"
+postgresql_logging_collector: on
+postgresql_log_filename: "postgresql.log"
+postgresql_log_rotation_age: 0
+postgresql_log_rotation_size: 0
\ No newline at end of file
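Review bot: The new `add universe repository for bionic` task hard-codes the `bionic` suite while the same change turns the source AMI into a user-supplied variable in `amazon.json`, so a build from a different Ubuntu release would silently add the wrong pocket; derive it from the host instead, `repo: "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} universe"`. `fail2ban` is installed but no jail configuration appears in this diff, so it runs with the package defaults (on Ubuntu that is the `sshd` jail only) — add a comment on the task saying that is intended, or ship a `jail.local`. `pip: name: psycopg2-binary` is unpinned; give it the `version:` the playbook was tested with so a future release cannot change the image unnoticed. The `Adjust APT update intervals` task duplicates the one added to `ansible/playbook.yml`.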
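Review bot: `postgresql_log_rotation_age: 0` and `postgresql_log_rotation_size: 0` disable both rotation triggers, and with `postgresql_logging_collector: on` and a fixed `postgresql_log_filename: "postgresql.log"` every CSV log line — now including whatever pgaudit emits — accumulates in one file for the life of the instance, so a busy or probed database can fill the disk, and a single ever-growing audit file is the hardest kind to ship or review. If rotation is deliberately delegated to something outside PostgreSQL (logrotate, a log shipper), say so in a comment next to these keys; otherwise restore a bound, e.g. `postgresql_log_rotation_age: 1d` and `postgresql_log_rotation_size: 100MB` with a dated filename pattern. Adding `pgaudit` to `postgresql_shared_preload_libraries` logs nothing on its own: `pgaudit.log` defaults to `none` and needs a value (for instance `ddl, role`) plus `CREATE EXTENSION pgaudit` in the target database. Removing `postgres_superadmin_password` from the file is the right call, but the value stays in git history, so treat it as disclosed and rotate it on any host built from an earlier revision.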
diff --git a/digitalOcean.json b/digitalOcean.json
index 387526d9f..beadd80d5 100644
--- a/digitalOcean.json
+++ b/digitalOcean.json
@@ -10,7 +10,7 @@
 "region": "{{user `region`}}",
 "size": "s-1vcpu-1gb",
 "ssh_username": "root",
- "snapshot_name": "supabase-postgresql-0.0.11"
+ "snapshot_name": "supabase-postgresql-0.12.0"
 }],
 "provisioners": [
 {
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 47bf48b4b..50d945112 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -23,6 +23,20 @@ RUN git clone git://github.com/theory/pgtap.git \
 
 RUN apt-get update \
 && apt-get install postgresql-plpython3-12 -y
 
+# install pgAudit
+RUN pgAuditDependencies="postgresql-server-dev-$PG_MAJOR \
+ libssl-dev \
+ libkrb5-dev \
+ git-core" \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends ${pgAuditDependencies} \
+ && cd /tmp \
+ && git clone https://github.com/pgaudit/pgaudit.git \
+ && cd pgaudit \
+ && git checkout master \
+ && make check USE_PGXS=1 \
+ && make install USE_PGXS=1
+
 # install plv8
 ENV PLV8_VERSION=r3.0alpha
diff --git a/docker/mnt/init-permissions.sh b/docker/mnt/init-permissions.sh
index 88102ce79..3f1f106d9 100644
--- a/docker/mnt/init-permissions.sh
+++ b/docker/mnt/init-permissions.sh
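Review bot: `git checkout master` after cloning `pgaudit` pins nothing — the image gets whatever that branch holds at build time, with no tag, commit hash or checksum, so builds are unreproducible and a newer or compromised branch head goes straight into the database image. Check out a release matching `$PG_MAJOR` instead, e.g. `ARG PGAUDIT_VERSION=1.4.0` at the top and `&& git checkout "${PGAUDIT_VERSION}" \` here (1.4.x is the PostgreSQL 12 line — confirm against the project's compatibility table). The layer also leaves `/tmp/pgaudit` and the build toolchain (`postgresql-server-dev-*`, `libssl-dev`, `libkrb5-dev`, `git-core`) in the final image unless a later step removes them, which is not visible here; at minimum add `&& rm -rf /tmp/pgaudit` in the same `RUN`. `make check USE_PGXS=1` runs the regression suite inside `docker build`, which needs a working `pg_regress` and is probably better left to CI.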
@@ -2,9 +2,14 @@
 set -e
 
 echo "host replication $POSTGRES_USER 0.0.0.0/0 trust" >> $PGDATA/pg_hba.conf
-echo "shared_preload_libraries = 'pg_stat_statements'" >> $PGDATA/postgresql.conf
+echo "shared_preload_libraries = 'pg_stat_statements, pgaudit'" >> $PGDATA/postgresql.conf
 echo "pg_stat_statements.max = 10000" >> $PGDATA/postgresql.conf
 echo "pg_stat_statements.track = all" >> $PGDATA/postgresql.conf
 echo "wal_level=logical" >> $PGDATA/postgresql.conf
 echo "max_replication_slots=5" >> $PGDATA/postgresql.conf
 echo "max_wal_senders=10" >> $PGDATA/postgresql.conf
+echo "log_destination='csvlog'" >> $PGDATA/postgresql.conf
+echo "logging_collector=on" >> $PGDATA/postgresql.conf
+echo "log_filename='postgresql.log'" >> $PGDATA/postgresql.conf
+echo "log_rotation_age=0" >> $PGDATA/postgresql.conf
+echo "log_rotation_size=0" >> $PGDATA/postgresql.conf
diff --git a/scripts/02-credentials_cleanup.sh b/scripts/02-credentials_cleanup.sh
new file mode 100644
index 000000000..d1b359a66
--- /dev/null
+++ b/scripts/02-credentials_cleanup.sh
@@ -0,0 +1 @@
+sudo rm /home/ubuntu/.ssh/authorized_keys
\ No newline at end of file
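Review bot: The five appended lines turn on `logging_collector` with rotation disabled (`log_rotation_age=0`, `log_rotation_size=0`) and a fixed `log_filename='postgresql.log'`, so inside the container the CSV log grows without bound and, since it now carries pgaudit output, a noisy client can exhaust the data volume; either keep a bound (`log_rotation_size=100MB` with a dated `log_filename`) or leave the collector off and let Docker capture stderr, which is the usual container pattern. As with the Ansible variant, `pgaudit` in `shared_preload_libraries` audits nothing until `pgaudit.log` is set and `CREATE EXTENSION pgaudit` runs in the target database — a comment above these echoes should say where that happens. Separately, the unchanged `host replication $POSTGRES_USER 0.0.0.0/0 trust` line just above deserves a hard look the next time this file is touched.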
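Review bot: The new script has no shebang and no `set -e`, and `rm` without `-f` makes it fail when the file is already absent; write it as `#!/bin/sh`, `set -eu`, `sudo rm -f /home/ubuntu/.ssh/authorized_keys`. It only removes the `ubuntu` user's keys, while `/root/.ssh/authorized_keys`, the SSH host keys and cloud-init's instance state are left in the image unless `90-cleanup.sh` handles them — not visible here — so instances launched from the AMI may share host keys. Per `amazon.json` it runs as the second provisioner, before `90-cleanup.sh`, `91-log_cleanup.sh` and `99-img_check.sh`, so it relies on Packer keeping the existing SSH session open for those scripts; if Packer ever has to reconnect the build fails, and running it last (e.g. as `98-`) would be safer. A one-line comment stating that it deliberately strips the build key from the baked image would help the next reader. The file is also missing its trailing newline.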