I believe that the "How to move from standalone container to separate web and data containers" topic may have instructions for setting a password.
Also, I think you could bind the postgres port only to 127.0.0.1.
```yaml
expose:
  - "80:80"
  - "443:443"
  - "127.0.0.1:5432:5432"
```
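A check for the binding suggested in the post above, as an added example that is not part of the original post: it reads `expose` entries as Docker publish specs (`[ip:]hostPort:containerPort[/proto]`) and reports any that publish the Postgres port on a non-loopback address. The function names and the sample list are assumptions made for illustration, as is the premise that the entries follow Docker's publish syntax.

```python
import ipaddress

# Constructed sample: the expose list from the post, as Docker publish specs.
EXPOSE = ["80:80", "443:443", "127.0.0.1:5432:5432"]


def parse_publish(spec):
    """Split '[ip:]hostPort:containerPort[/proto]' into
    (bind_ip, host_port, container_port). bind_ip is None when the spec
    names no address; Docker then binds to all interfaces by default."""
    spec = spec.split("/", 1)[0]            # drop optional /tcp or /udp
    if spec.startswith("["):                # bracketed IPv6: [::1]:5432:5432
        ip, _, rest = spec[1:].partition("]:")
        parts = rest.split(":")
    else:
        parts = spec.split(":")
        ip = parts.pop(0) if len(parts) == 3 else None
    if len(parts) != 2:
        raise ValueError(f"unsupported publish spec: {spec!r}")
    return ip, parts[0], parts[1]


def reachable_off_host(spec):
    """True when the port is bound to anything other than loopback."""
    ip = parse_publish(spec)[0]
    if not ip:                              # no address given: all interfaces
        return True
    return not ipaddress.ip_address(ip).is_loopback


def audit(specs, private_ports=("5432",)):
    """Return the specs that publish a private container port off-host."""
    return [s for s in specs
            if parse_publish(s)[2] in private_ports and reachable_off_host(s)]


if __name__ == "__main__":
    for finding in audit(EXPOSE):
        print("published beyond loopback:", finding)
```
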