Hello,
I’m running into problems with the restriction on pgpass file types. When attempting to use something like an anonymous pipe for a passfile, psql throws an error stating that it only accepts plain files. If it matters, I'm trying to use that so I can pass a decrypted pgpassfile into postgres since my company is not allowed to have unencrypted credentials on disk (yes, I know that it's kind of silly to add one layer of abstraction, but it's an industry rule we can't avoid). I know that we can also just avoid using psql, but there are benefits to using it for simple scripts, so if we can make this work fairly easily we'd like to do that.
I looked around to see if I could figure out why that restriction was put there in the first place, but the only reference I found was this entry in the 8.2.6 release notes which I wasn’t able to trace back to anything in particular:
Fix libpq crash when PGPASSFILE refers to a file that is not a plain file (Martin Pitt)
I was also unable to find anything useful in the source code. There were no comments around this snippet indicating why it was limited to plain files (it was implemented this way back in 2005!):
https://github.com/postgres/postgres/blame/d3a0c8dce9380e77734e41becd9aa35618030352/src/interfaces/libpq/fe-connect.c#L3138
if (!S_ISREG(stat_buf.st_mode))
{
fprintf(stderr,
libpq_gettext("WARNING: Password file %s is not a plain file.\n"),
pgpassfile);
free(pgpassfile);
return NULL;
}
Does anyone know why it’s set up to avoid using things like anonymous pipes (or anything but "plain files")?
Regards,
Matt