ferraresso@tin.it wrote:
> I am tring the use of Logical Replication with Postgres 10.1.
> But I found this problem:
> I went to see in the log file of the two system what is going on.
> I found in the log (C:\Program Files\PostgreSQL\10\data\log) of the subscriber the line of the command:
> "CREATE SUBSCRIPTION mysub CONNECTION 'dbname=foo host=bar user=repuser password=secret' PUBLICATION mypub;"
> Where I can see the connection string exactly as written with the password in clear.
> I try to use the password with md5 hash ('md5'+md5(user+password)) and othe combination of encrypted password, in a
similarway I can do with "CREATE USER WITH ENCRYPTED ...".
> But it seemed to me that the only way is to use the password in clear.
> There is any way to avoid to log the password in clear manner?
You can run
BEGIN;
SET LOCAL log_statement='none';
SET LOCAL log__min_duration_statement=-1;
CREATE SUBSCRIPTION ...;
COMMIT;
to disable logging for the duration of a transaction.
Alternatively, you could allow "trust" authentication for replication
connections from one machine, then you don't have to send a password.
Yours,
Laurenz Albe