Re: SSL passphrase prompt external command

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SSL passphrase prompt external command
Date: 2018-02-26 06:32:36
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

> On 23 Feb 2018, at 11:14, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> Here is a patch that adds a way to specify an external command for
> obtaining SSL passphrases. There is a new GUC setting
> ssl_passphrase_command.

+1 on going down this route.

> Right now, we rely on the OpenSSL built-in prompting mechanism, which
> doesn't work in some situations, including under systemd. This patch
> allows a configuration to make that work, e.g., with systemd-ask-password.

+ replaced by a prompt string. (Write <literal>%%</literal> for a
+ literal <literal>%</literal>.) Note that the prompt string will

I might be thick, but I don’t see where the %% handled? Also, AFAICT a string
ending with %\0 will print a literal % without requiring %% (which may be a
perfectly fine case to allow, depending on how strict we want to be with the

cheers ./daniel

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Chapman Flack 2018-02-26 06:39:30 Re: Precision loss casting float to numeric
Previous Message Michael Paquier 2018-02-26 06:23:37 Re: remove pg_class.relhaspkey