Re: Question on any plans to use the User Server/User Mapping to provide Logical Replication Subscriptions the user/password in an encrypted manner

From: Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>
To: "Vitale, Anthony, Sony Music" <anthony(dot)vitale(at)sonymusic(dot)com>
Cc: "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Question on any plans to use the User Server/User Mapping to provide Logical Replication Subscriptions the user/password in an encrypted manner
Date: 2025-07-22 11:19:37
Message-ID: CAA4eK1+gDCjr3QRBjpOoJZWWqqJ3yWTquzA6bxi3WHmP0r_vHw@mail.gmail.com
Lists: pgsql-hackers

On Mon, Jul 21, 2025 at 11:43 PM Vitale, Anthony, Sony Music
<anthony(dot)vitale(at)sonymusic(dot)com> wrote:
>
> I am not sure if I am posting this to the correct PG list, please let me know if there are other lists better suited to answer this question.
>
>
>
> PostgreSQL dblinks and dblink_fdw allow for the use of Server and user mapping to be able to store the user/password of a connection and save it in an encrypted manner.
>
>
>
> Logical replication subscription syntax regarding connection info allows for the user/password to be supplied within the subscription ddl.
>
>
>
> And the Subscription connection info, visible via the pg_subscription.subconninfo column, which can contain plain-text passwords, is intentionally restricted. Only the pg_read_all_settings role, superusers, and the owner of the subscription can SELECT from this column.
>
>
>
> In a dblink the connection info can be provided via the same connection parameters as allowed by the logical subscription syntax, however it is allowed to use a Created ServerName with a user mapping in the connections.
>
>
>
> I am not familiar with what it would take to allow logical subscriptions to use User Server/Mapping logic as the dblink extension allows, but if it were possible then this would assure that only the role creating the User server/mapping can set the connection user/password and then it can be totally hidden from prying eyes.
>

Can you check the work being discussed in thread [1] and see if that
addresses your requirement?

[1] - https://www.postgresql.org/message-id/149ff9264db27cdf724b65709fbbaee4bf316835.camel%40j-davis.com

--
With Regards,
Amit Kapila.
