diff --git a/envs/ci/postgres-init.sh b/envs/ci/postgres-init.sh
index 756d591..177ba38 100755
--- a/envs/ci/postgres-init.sh
+++ b/envs/ci/postgres-init.sh
@@ -1,9 +1,10 @@ #!/bin/bash +set -eo pipefail psql -U ${POSTGRES_USER} <<-END +-- SUPERUSER is needed to create extensions. Remember to revoke it when not needed! CREATE USER ${SERVICE_DATABASE_USER} WITH - CREATEROLE SUPERUSER PASSWORD '${SERVICE_DATABASE_PASSWORD}';
@@ -16,6 +17,8 @@ CREATE DATABASE ${SERVICE_DATABASE_NAME}_TEST WITH CREATE USER ${SERVICE_DATABASE_READONLY_USER} WITH PASSWORD '${SERVICE_DATABASE_READONLY_PASSWORD}'; +\c ${SERVICE_DATABASE_NAME} + GRANT CONNECT ON DATABASE ${SERVICE_DATABASE_NAME} TO ${SERVICE_DATABASE_READONLY_USER}; GRANT USAGE ON SCHEMA public TO ${SERVICE_DATABASE_READONLY_USER};
@@ -23,4 +26,4 @@ GRANT USAGE ON SCHEMA public TO ${SERVICE_DATABASE_READONLY_USER}; ALTER DEFAULT PRIVILEGES FOR USER ${SERVICE_DATABASE_USER} IN SCHEMA public GRANT SELECT ON TABLES TO ${SERVICE_DATABASE_READONLY_USER}; -END \ No newline at end of file +END
diff --git a/envs/dev/postgres-init.sh b/envs/dev/postgres-init.sh
index 756d591..177ba38 100755
--- a/envs/dev/postgres-init.sh
+++ b/envs/dev/postgres-init.sh
@@ -1,9 +1,10 @@ #!/bin/bash +set -eo pipefail psql -U ${POSTGRES_USER} <<-END +-- SUPERUSER is needed to create extensions. Remember to revoke it when not needed! CREATE USER ${SERVICE_DATABASE_USER} WITH - CREATEROLE SUPERUSER PASSWORD '${SERVICE_DATABASE_PASSWORD}';
@@ -16,6 +17,8 @@ CREATE DATABASE ${SERVICE_DATABASE_NAME}_TEST WITH CREATE USER ${SERVICE_DATABASE_READONLY_USER} WITH PASSWORD '${SERVICE_DATABASE_READONLY_PASSWORD}'; +\c ${SERVICE_DATABASE_NAME} + GRANT CONNECT ON DATABASE ${SERVICE_DATABASE_NAME} TO ${SERVICE_DATABASE_READONLY_USER}; GRANT USAGE ON SCHEMA public TO ${SERVICE_DATABASE_READONLY_USER};
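Review bot: The `set -eo pipefail` added in the first hunk of envs/ci/postgres-init.sh will not stop the script when a SQL statement fails, because psql reading its script from stdin carries on after an error and still exits 0 unless `ON_ERROR_STOP` is set. A failed `CREATE USER` or `GRANT` would therefore leave a half-initialised database while the init step reports success. I would change the invocation to `psql -v ON_ERROR_STOP=1 -U "${POSTGRES_USER}" <<-END`, and consider `set -euo pipefail` so that an unset `SERVICE_DATABASE_*` variable aborts the run instead of expanding to an empty identifier or password. The same lines are added in envs/dev/postgres-init.sh and envs/prod/postgres-init.sh.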
@@ -23,4 +26,4 @@ GRANT USAGE ON SCHEMA public TO ${SERVICE_DATABASE_READONLY_USER}; ALTER DEFAULT PRIVILEGES FOR USER ${SERVICE_DATABASE_USER} IN SCHEMA public GRANT SELECT ON TABLES TO ${SERVICE_DATABASE_READONLY_USER}; -END \ No newline at end of file +END
diff --git a/envs/prod/cloudflared-int.yaml b/envs/prod/cloudflared-int.yaml
index 5470b2b..833acd2 100644
--- a/envs/prod/cloudflared-int.yaml
+++ b/envs/prod/cloudflared-int.yaml
@@ -1,5 +1,12 @@ tunnel: credentials-file: /etc/cloudflared/certs/.json +originRequest: + access: + required: true + teamName: + audTag: + - ... # Metabase + - ... # Asynqmon ingress: - hostname: api.
diff --git a/envs/prod/postgres-init.sh b/envs/prod/postgres-init.sh
index 756d591..177ba38 100755
--- a/envs/prod/postgres-init.sh
+++ b/envs/prod/postgres-init.sh
@@ -1,9 +1,10 @@ #!/bin/bash +set -eo pipefail psql -U ${POSTGRES_USER} <<-END +-- SUPERUSER is needed to create extensions. Remember to revoke it when not needed! CREATE USER ${SERVICE_DATABASE_USER} WITH - CREATEROLE SUPERUSER PASSWORD '${SERVICE_DATABASE_PASSWORD}';
@@ -16,6 +17,8 @@ CREATE DATABASE ${SERVICE_DATABASE_NAME}_TEST WITH CREATE USER ${SERVICE_DATABASE_READONLY_USER} WITH PASSWORD '${SERVICE_DATABASE_READONLY_PASSWORD}'; +\c ${SERVICE_DATABASE_NAME} + GRANT CONNECT ON DATABASE ${SERVICE_DATABASE_NAME} TO ${SERVICE_DATABASE_READONLY_USER}; GRANT USAGE ON SCHEMA public TO ${SERVICE_DATABASE_READONLY_USER};
@@ -23,4 +26,4 @@ GRANT USAGE ON SCHEMA public TO ${SERVICE_DATABASE_READONLY_USER}; ALTER DEFAULT PRIVILEGES FOR USER ${SERVICE_DATABASE_USER} IN SCHEMA public GRANT SELECT ON TABLES TO ${SERVICE_DATABASE_READONLY_USER}; -END \ No newline at end of file +END
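Review bot: The new `originRequest.access` block in envs/prod/cloudflared-int.yaml sits at the top level, where cloudflared applies it as the default for every ingress rule, yet `audTag` lists only the Metabase and Asynqmon applications. The first rule visible below it is the `api.` hostname, so with `required: true` requests to that hostname would presumably be rejected unless they carry an Access token for one of those two audiences; the rest of the ingress list is outside the hunk, so this needs checking against the full file. If only the internal tools are meant to sit behind Access, move the block into a per-rule `originRequest:` under the Metabase and Asynqmon entries, and if the API is meant to be covered too, add its audience tag. A comment above the block such as `# Validate the Cloudflare Access JWT at the tunnel, not only at the edge` would record why it is there.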
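Review bot: In the first hunk of envs/prod/postgres-init.sh the service account is still created with `SUPERUSER`, and the reminder in the new comment has no matching revoke step in any visible hunk, so the production application role bypasses every permission check until someone remembers to act on it. Removing `CREATEROLE` narrows nothing while `SUPERUSER` remains. This script already runs as `${POSTGRES_USER}`, presumably the bootstrap superuser, so the extensions could be created here right after the `\c ${SERVICE_DATABASE_NAME}` line the second hunk adds, e.g. `CREATE EXTENSION IF NOT EXISTS <extension_name>;`, and `SUPERUSER` dropped from the `CREATE USER` statement. If it has to stay for now, the deployment procedure should run `ALTER USER ${SERVICE_DATABASE_USER} NOSUPERUSER;` once the extensions exist, rather than relying on the comment. envs/ci and envs/dev carry the same statement.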