diff --git a/postgres/config/cluster.yaml b/postgres/config/cluster.yaml
index bc018ff..7b3f54a 100644
--- a/postgres/config/cluster.yaml
+++ b/postgres/config/cluster.yaml
@@ -11,6 +11,18 @@ spec:
 size: 20Gi
 storageClass: rook-ceph-block
 
+ backup:
+ barmanObjectStore:
+ destinationPath: "s3://weyma-talos-shared-pgsql-backup/"
+ endpointURL: http://10.105.15.20:9000
+ s3Credentials:
+ accessKeyId:
+ key: s3AccessKey
+ name: s3-backup-creds
+ secretAccessKey:
+ key: s3SecretKey
+ name: s3-backup-creds
+
 inheritedMetadata:
 labels:
 metrics_enabled: "true"
diff --git a/postgres/config/s3-backup-auth.yaml b/postgres/config/s3-backup-auth.yaml
new file mode 100644
index 0000000..0bd3eee
--- /dev/null
+++ b/postgres/config/s3-backup-auth.yaml
@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: s3-backup-creds
+spec:
+ data:
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: cloudnativepg
+ metadataPolicy: None
+ property: s3_backup_key
+ secretKey: s3SecretKey
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: weyma-vault
+ target:
+ template:
+ data:
+ s3AccessKey: fmRuq5b96EKqQOGR1prs
+ s3SecretKey: "{{ .s3SecretKey }}"
+ creationPolicy: Owner
+ deletionPolicy: Retain
+ name: s3-backup-creds
\ No newline at end of file
diff --git a/postgres/config/scheduled_backup.yaml b/postgres/config/scheduled_backup.yaml
new file mode 100644
index 0000000..0d3e411
--- /dev/null
+++ b/postgres/config/scheduled_backup.yaml
@@ -0,0 +1,9 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+ name: postgres-nightly
+spec:
+ schedule: "0 4 * * *"
+ backupOwnerReference: self
+ cluster:
+ name: weyma-pgsql
\ No newline at end of file
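Review bot: `endpointURL: http://10.105.15.20:9000` sends base backups and archived WAL to the object store over plain HTTP, so database contents cross the network unencrypted and the client cannot authenticate the endpoint. If the store can serve TLS, use `endpointURL: https://<object-store-host>:9000` and add an `endpointCA` secret reference under `barmanObjectStore` for a private CA. The new `backup` block also sets no `retentionPolicy` (for example `retentionPolicy: "30d"`, a constructed value) and no `encryption` under `data`/`wal`, so backups are kept indefinitely and rely on the bucket's own at-rest settings; whether that is intended is not visible here. The `spec` mapping starts above the hunk.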
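Review bot: The access key ID is hard-coded as the literal `s3AccessKey` value in `target.template.data`, while only the secret key is pulled from `weyma-vault`, so half of the credential pair lives in git and rotating it needs a commit. Add a second `data` entry that reads the key ID from the same Vault item and template it the same way as the secret key; the property name in the sketch below is a placeholder. Because the current ID stays in repository history, rotating the pair after the move is worth considering.

```yaml
  data:
    # … unchanged: existing s3SecretKey remoteRef entry …
    - remoteRef:
        key: cloudnativepg
        property: "<access-key-property>"  # placeholder: Vault property holding the key ID
      secretKey: s3AccessKey
  # … unchanged: refreshInterval, secretStoreRef, target.template …
        s3AccessKey: "{{ .s3AccessKey }}"
```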
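Review bot: `schedule: "0 4 * * *"` has five fields, but CloudNativePG documents the ScheduledBackup schedule as a six-field cron expression with a leading seconds field. As far as I can tell a five-field value is read with the fields shifted (second 0, minute 4, every hour), which would produce hourly backups rather than the nightly run the name `postgres-nightly` suggests. For 04:00 daily use `schedule: "0 0 4 * * *"`. Also confirm that `cluster.name: weyma-pgsql` matches the Cluster's `metadata.name`, which is outside this diff.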