| From: | Marco van Eck <marco(dot)vaneck(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Have an encrypted pgpass file |
| Date: | 2018-07-18 17:46:26 |
| Message-ID: | CAE35ztOGZqgwae3mBA=L97pSg3kvin2xycQh=ir=5NiwCApiYQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
Since .pgpass files contain plain-text passwords, I searched for an
alternative.
In the attached patch I've added the possibility to run a command to
produce the content of the pgpass file, in exactly the same format. In this
way I could use gpg or any other command to decrypt a pgpass file. It will
prefer the .pgpass file and will not call the command.
This would be my environment variable, to have no plain-text password:
PGPASSCOMMAND="gpg -q -d pgpass.gpg"
Other usages of the variable:
PGPASSCOMMAND="cat pgpass"
PGPASSCOMMAND="curl http://passwords/really-unsecure-pgpass"
PGPASSCOMMAND="my-own-secure-pgpass-script"
The submitted patch does it's job, though the command could throw errors.
What do you think of this solution?
Best regards,
Marco van Eck
| Attachment | Content-Type | Size |
|---|---|---|
| pgpasscommand_v1.patch | application/octet-stream | 6.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2018-07-18 18:05:17 | Re: ENOSPC FailedAssertion("!(RefCountErrors == 0)" |
| Previous Message | Robert Haas | 2018-07-18 17:03:20 | Re: ENOSPC FailedAssertion("!(RefCountErrors == 0)" |