Re: How to encrypt password in pgpass file

From: Tim Cross <theophilusx(at)gmail(dot)com>
To: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: How to encrypt password in pgpass file
Date: 2021-02-24 00:27:45
Message-ID: 87eeh6xnyy.fsf@gmail.com
Lists: pgsql-admin


Vipin Madhusoodanan <vipin(dot)madhusoodanan(at)gmail(dot)com> writes:

> Hi Team,
>
> We have a security requirement to encrypt passwords in .pgpass file. Could you please advise on the options and steps to be followed to achieve this.
>

Basically, don't use .pgpass. I think .pgpass should be viewed as an old
legacy solution which is not terribly compatible with today's security
requirements. I don't think there is support for encrypting the .pgpass
file. Even if you could encrypt the .pgpass file, you would then need to
decrypt it with a passphrase anyway (you could have a key which has no
passphrase, but if that is on the same system, what have you achieved
apart from a false sense of security).

How to best solve your requirement depends on the specifics of your
requirement. However, often you can implement something more secure by
using environment variables which are set for the process the psql (or
whatever) command executes in. The value for the variable can be
obtained from a secure source, such as a keyring, LDAP server, GPG
encrypted file etc.
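
The approach described in the message above, as an added example that is not part of the original post or of PostgreSQL itself: a shell wrapper that fetches the password at run time and places it in PGPASSWORD for the psql process only. The function names, the PG_SECRET_FILE variable and the host, user and database names are assumptions made for illustration.

```sh
#!/bin/sh
# Run a command with PGPASSWORD present only in that command's environment.
# The password is fetched at run time and never written to disk in clear text.

# fetch_pg_secret prints the password on stdout.
# Assumption: it is stored in a GPG-encrypted file named by PG_SECRET_FILE
# (hypothetical variable); gpg-agent or a token supplies the private key.
fetch_pg_secret() {
    gpg --quiet --batch --decrypt "${PG_SECRET_FILE:?PG_SECRET_FILE not set}"
}

# with_pgpassword FETCH_CMD -- COMMAND [ARGS...]
with_pgpassword() {
    fetch_cmd=$1
    shift
    if [ "${1:-}" = "--" ]; then shift; fi

    if ! secret=$("$fetch_cmd"); then
        unset secret
        echo "with_pgpassword: secret source failed" >&2
        return 1
    fi
    if [ -z "$secret" ]; then
        unset secret
        echo "with_pgpassword: secret source returned nothing" >&2
        return 1
    fi

    # Export inside a subshell so the calling shell never holds PGPASSWORD,
    # and exec so the value is not passed on any command line.
    rc=0
    ( PGPASSWORD=$secret; export PGPASSWORD; exec "$@" ) || rc=$?
    unset secret
    return "$rc"
}

# Usage (constructed file, host, user and database names):
#   export PG_SECRET_FILE=$HOME/.pg_secret.gpg
#   with_pgpassword fetch_pg_secret -- psql -h db.example.internal -U app appdb
```

On Linux the child's environment remains readable by the same user and by root through /proc/PID/environ, so this keeps the secret off disk rather than hiding it from other processes of the same account.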
