Security: Best Practise

[AntonLugtenburg]

Hi, i'm relatively new to coding ( 3 years ), but i already have some commercial projects on own servers running.

Maybe someone could answer me some questions and thoughts about this package:

There are many reasons for backups, but one reason is also, if your server gets hacked, your data is not lost right?
But now, if your laravel application gets hacked and someone gets access to your server, he also gets access to the backup file system like s3 with the credentials from .env.

How do you prevent access to these backups ? I did setup an IAM Role with write and read permissions only, but then the packages capability of removing old backups is not working anymore of course ? Any other ways ?

Thank you