Re: Question on any plans to use the User Server/User Mapping to provide Logical Replication Subscriptions the user/password in an encrypted manner

On Mon, Jul 21, 2025 at 11:43 PM Vitale, Anthony, Sony Music
<anthony.vitale@sonymusic.com> wrote:
>
> I am not sure if I am posting this to the correct PG list, please let me know if there are other lists better suited
toanswer this question. 
>
>
>
> Postgresql dblinks and dblink_fdw allow for the use of Server and user mapping to be able to store the user/password
ofa connection and save it in an encrypted manner. 
>
>
>
> Logical replication subscription syntax regarding connection info allows for the user/password to be supplied within
thesubscription ddl. 
>
>
>
> And the Subscription connection info is visible via the pg_subscription.subconninfo column, which can contain
plain-textpasswords, is intentionally restricted. Only the pg_read_all_settings role, superusers, and the owner of the
subscriptioncan SELECT from this column. 
>
>
>
> In a dblink the connection info can be provided via the same connection parameters as allowed by the logical
subscriptionsyntax, however it is allowed to use a Created ServerName with a user mapping in the connections. 
>
>
>
> I am not familiar on what it would take to allow logical subscriptions to use User Server/Mapping logic as the dblink
extensionallows but if it where possible then this would assure that only the role creating the User server/mapping can
setthe connection user/password and then it can be totally hidden from prying eyes. 
>

Can you check the work being discussed in thread [1] and see if that
addresses your requirement?

[1] - https://www.postgresql.org/message-id/149ff9264db27cdf724b65709fbbaee4bf316835.camel%40j-davis.com

--
With Regards,
Amit Kapila.