| From: | Ron <ronljohnsonjr(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: pgbackrest - hiding the encryption password |
| Date: | 2021-05-19 19:03:04 |
| Message-ID: | 7696d4bb-ec88-3724-f94e-d51dd3093b08@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 5/19/21 1:34 PM, David Steele wrote:
> On 5/19/21 1:49 PM, Ron wrote:
>>
>> Currently on our RHEL 7.8 system, /etc/pgbackrest.conf is root:root and
>> 633 perms. Normally, that's ok, but is a horrible idea when it's a
>> plaintext file, and stores the pgbackrest encryption password.
>>
>> Would pgbackrest (or something else) break if I change it to
>> postgres:postgres 600 perms?
>
> Nothing will break as far as I know. As long as pgbackrest can read the
> file it will be happy.
>
>> Is there a better way of hiding the password so that only user postgres
>> can see it?
>
> You could use an environment variable in postgres' environment, see
> https://pgbackrest.org/command.html#introduction.
>
> In this case it would be PGBACKREST_REPO1_CIPHER_PASS=xxx
>
> Regards,
That worked after I exported the environment variables.
--
Angular momentum makes the world go 'round.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Steele | 2021-05-19 19:04:26 | Re: pgbackrest - hiding the encryption password |
| Previous Message | Ron | 2021-05-19 18:48:13 | Re: pgbackrest - hiding the encryption password |