Re: What are best practices wrt passwords?
| От | felix.quintgz@yahoo.com |
|---|---|
| Тема | Re: What are best practices wrt passwords? |
| Дата | |
| Msg-id | 48574746.2559694.1729088205609@mail.yahoo.com обсуждение исходный текст |
| Ответ на | What are best practices wrt passwords? (mbork@mbork.pl) |
| Список | pgsql-general |
Use the PGPASSWORD environment variable. Example: SET PGPASSWORD=P0stgres psql -h localhost -p 5432 -U postgres -d postgres -c "SELECT 1;'" https://www.postgresql.org/docs/current/libpq-envars.html On Wednesday, October 16, 2024 at 08:26:05 AM GMT-4, <mbork@mbork.pl> wrote: Hello all, I'd like to be able to use psql without typing passwords again and again. I know about `.pgpass` and PGPASSFILE, but I specifically do not want to use it - I have the password in the `.env` file, and having it in _two_ places comes with its own set of problems, like how to make sure they don't get out of sync. I understand why giving the password on the command line or in an environment variable is a security risk (because of `ps`), but I do not understand why `psql` doesn't have an option like `--password-command` accepting a command which then prints the password on stdout. For example, I could then use `pass` (https://www.passwordstore.org/) with gpg-agent. Is there any risk associated with this usage pattern? What is the recommended practice in my case other than using `.pgpass`? Thanks in advance, P.S. Please CC me in replies, since I'm not subscribed to the list. Thanks. -- Marcin Borkowski https://mbork.pl https://crimsonelevendelightpetrichor.net/
В списке pgsql-general по дате отправления: