On 1/6/15 4:40 PM, Josh Berkus wrote:
>> Btw., I'm not sure that everyone will be happy to have primary_conninfo
>> > visible, since it might contain passwords.
> Didn't we discuss this? I forgot what the conclusion was ... probably
> not to put passwords in primary_conninfo.
One can always say, don't do that then. But especially with
pg_basebackup -R mindlessly copying passwords from .pgpass into
recovery.conf, the combination of these factors would proliferate
passwords a bit too easily for my taste.
Maybe a separate primary_conninfo_password that is a kind of write-only
GUC would work. (That's how passwords usually work: You can change your
password, but can't see your existing one.)