diff --git a/apps/README.md b/apps/README.md
index bdffb60..6ae75b9 100644
--- a/apps/README.md
+++ b/apps/README.md
@@ -6,4 +6,20 @@ kubectl run -i --tty --rm --restart=Never \
     --overrides='{"apiVersion": "v1", "spec": {"nodeSelector": {"kubernetes.io/hostname": "homea"}}}' \
     --image=nicolaka/netshoot:latest \
     debug -- sh
-```
\ No newline at end of file
+```
+
+### 密钥相关
+可以将helm部署中使用到的密钥放到k8s的secret中
+然后使用reflector将secret中的密钥同步到其他namespace中
+```shell
+kubectl -n infra-devops create secret generic s3-devcm-hw \
+    --from-literal=ACCESS_KEY_ID=xxxxx \
+    --from-literal=ACCESS_SECRET_KEY=xxxxx
+    
+kubectl -n infra-devops annotate secret s3-devcm-hw \
+    reflector.v1.k8s.emberstack.com/reflection-allowed=true \
+    reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces=infra-data \
+    reflector.v1.k8s.emberstack.com/reflection-auto-enabled=true \
+    reflector.v1.k8s.emberstack.com/reflection-auto-namespace=infra-data --overwrite
+    
+```
diff --git a/apps/infra/data/cloudnative-pg/cnpg-cluster-hk-backup.yaml b/apps/infra/data/cloudnative-pg/cnpg-cluster-hk-backup.yaml
new file mode 100644
index 0000000..0835aa7
--- /dev/null
+++ b/apps/infra/data/cloudnative-pg/cnpg-cluster-hk-backup.yaml
@@ -0,0 +1,9 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Backup
+metadata:
+  name: cnpg-cluster-hk-backup
+  namespace: infra-data
+spec:
+  cluster:
+    name: cnpg-cluster-hk
+
diff --git a/apps/infra/data/cloudnative-pg/cnpg-cluster-hk.yaml b/apps/infra/data/cloudnative-pg/cnpg-cluster-hk.yaml
index c4ee0d1..96e2aea 100644
--- a/apps/infra/data/cloudnative-pg/cnpg-cluster-hk.yaml
+++ b/apps/infra/data/cloudnative-pg/cnpg-cluster-hk.yaml
@@ -17,4 +17,29 @@ spec:
   instances: 1
   enableSuperuserAccess: true
   storage:
-    size: 10Gi
\ No newline at end of file
+    size: 10Gi
+  backup:
+    retentionPolicy: "7d"
+    barmanObjectStore:
+      destinationPath: s3://devcm/cnpg/
+      endpointURL: https://obs.cn-east-3.myhuaweicloud.com
+      s3Credentials:
+        accessKeyId:
+          name: s3-devcm-hw
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: s3-devcm-hw
+          key: ACCESS_SECRET_KEY
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+  name: cnpg-cluster-hk-backups
+  namespace: infra-data
+spec:
+  schedule: "0 0 0 * * *"
+  immediate: true
+  backupOwnerReference: self
+  cluster:
+    name: cnpg-cluster-hk
diff --git a/apps/infra/data/cloudnative-pg/cnpg-cluster-sh.yaml b/apps/infra/data/cloudnative-pg/cnpg-cluster-sh.yaml
index 104b3ef..c42ff2c 100644
--- a/apps/infra/data/cloudnative-pg/cnpg-cluster-sh.yaml
+++ b/apps/infra/data/cloudnative-pg/cnpg-cluster-sh.yaml
@@ -17,4 +17,29 @@ spec:
   instances: 1
   enableSuperuserAccess: true
   storage:
-    size: 10Gi
\ No newline at end of file
+    size: 10Gi
+  backup:
+    retentionPolicy: "7d"
+    barmanObjectStore:
+      destinationPath: s3://devcm/cnpg/
+      endpointURL: https://obs.cn-east-3.myhuaweicloud.com
+      s3Credentials:
+        accessKeyId:
+          name: s3-devcm-hw
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: s3-devcm-hw
+          key: ACCESS_SECRET_KEY
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+  name: cnpg-cluster-sh-backups
+  namespace: infra-data
+spec:
+  schedule: "0 0 0 * * *"
+  immediate: true
+  backupOwnerReference: self
+  cluster:
+    name: cnpg-cluster-sh