Re: Turning recovery.conf into GUCs

On 1/6/15 4:40 PM, Josh Berkus wrote:
>> Btw., I'm not sure that everyone will be happy to have primary_conninfo
>> > visible, since it might contain passwords.
> Didn't we discuss this?  I forgot what the conclusion was ... probably
> not to put passwords in primary_conninfo.

One can always say, don't do that then.  But especially with
pg_basebackup -R mindlessly copying passwords from .pgpass into
recovery.conf, the combination of these factors would proliferate
passwords a bit too easily for my taste.

Maybe a separate primary_conninfo_password that is a kind of write-only
GUC would work.  (That's how passwords usually work: You can change your
password, but can't see your existing one.)