| From: | John R Pierce <pierce(at)hogranch(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: [SQL] encrypt psql password in unix script |
| Date: | 2015-07-08 19:20:37 |
| Message-ID: | 559D7805.3050909@hogranch.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-sql |
On 7/8/2015 12:01 PM, Steve Midgley wrote:
> My suggestion is to put it in an environment variable and set that
> variable from a shell startup script that is secured with permissions.
> (http://www.postgresql.org/docs/9.4/static/libpq-envars.html)
>
that just moves the problem, now the plaintext password is in a script
file somewhere, AND many OS's let other users see your environment.
> If you can't do that, the only other method I've used is to setup
> Postgres with Ansible, and store the Pg passwords in an ansible vault,
> which is encrypted. Ansible asks for the decrypt key when it runs.
>
how would that work for unattended scripts, such as cron jobs ?
--
john r pierce, recycling bits in santa cruz
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tim Clotworthy | 2015-07-08 19:24:09 | Oracle to PostgreSQL Migration - Need Information |
| Previous Message | Xavier Stevens | 2015-07-08 19:08:18 | Re: [SQL] encrypt psql password in unix script |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Weiss | 2015-07-09 06:29:59 | decode double slash octal |
| Previous Message | Xavier Stevens | 2015-07-08 19:08:18 | Re: [SQL] encrypt psql password in unix script |