Another open question is about logging new primary_conninfo:
> LOG: parameter "primary_conninfo" changed to "host=/tmp port=5432 password=hoge"
I my opinion this is not issue, database logs can have sensitive data. User queries, for example. If we not want expose such info - it is ok just hide new value from logs with new GUC flag? Or i need implement masked conninfo for this purpose?