Re: scram-sha-256 encrypted password in pgpass

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Tim Cross <theophilusx(at)gmail(dot)com>
Cc: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: scram-sha-256 encrypted password in pgpass
Date: 2020-06-23 00:33:23
Message-ID: 20200623003323.GL3125@tamriel.snowman.net
Lists: pgsql-admin pgsql-general

Greetings,

* Tim Cross (theophilusx(at)gmail(dot)com) wrote:
> I suspect it is unlikely you will ever see a .pgpass solution which
> supports encryption. There are just too many 'chicken and egg' problems
> - you need a key to encrypt the .pgpass file, but now you need to store
> the key securely. Problem made more difficult because different
> platforms all do this in different ways and with different levels of
> sophistication. While it could be done, the amount of work required is
> probably more than the desire for anyone to implement it (not a big
> enough itch).

I generally agree with most of what you had here, but to this point I
disagree- it'd actually be quite useful for libpq to gain capabilities
in this regard, as it's something that developers these days are clearly
interested in having provided by a library (up to and including vault
solution integration, which is becoming more and more a standardized
thing, in order to get the needed key), so I dislike the implication
that we won't do that or that we'd look down on a patch which moved us
towards such a solution. There's certainly some of us in this community
who would very much look positively on such a patch.

Thanks,

Stephen
