Have an encrypted pgpass file

Поиск
Список
Период
Сортировка
От Marco van Eck
Тема Have an encrypted pgpass file
Дата
Msg-id CAE35ztOGZqgwae3mBA=L97pSg3kvin2xycQh=ir=5NiwCApiYQ@mail.gmail.com
обсуждение исходный текст
Ответы Re: Have an encrypted pgpass file  (Thomas Munro <thomas.munro@enterprisedb.com>)
Re: Have an encrypted pgpass file  (Alvaro Herrera <alvherre@2ndquadrant.com>)
Список pgsql-hackers
Дерево обсуждения
Hi,

Since .pgpass files contain plain-text passwords, I searched for an alternative.
In the attached patch I've added the possibility to run a command to produce the content of the pgpass file, in exactly the same format. In this way I could use gpg or any other command to decrypt a pgpass file. It will prefer the .pgpass file and will not call the command.

This would be my environment variable, to have no plain-text password:
    PGPASSCOMMAND="gpg -q -d pgpass.gpg"

Other usages of the variable:
    PGPASSCOMMAND="cat pgpass"
    PGPASSCOMMAND="curl http://passwords/really-unsecure-pgpass"
    PGPASSCOMMAND="my-own-secure-pgpass-script"

The submitted patch does it's job, though the command could throw errors. 

What do you think of this solution?


Best regards,
Marco van Eck

Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Robert Haas
Дата:
Сообщение: Re: ENOSPC FailedAssertion("!(RefCountErrors == 0)"
Следующее
От: Tom Lane
Дата:
Сообщение: Re: ENOSPC FailedAssertion("!(RefCountErrors == 0)"