| From: | Flavio Henrique Araque Gurgel <fhagur(at)gmail(dot)com> |
|---|---|
| To: | OracleDba OracleDba <paul(dot)gilbert(dot)healy(at)gmail(dot)com> |
| Cc: | pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: is there pgadmin interface with Hashicorp Vault or command line interface to use master password and update password repository |
| Date: | 2023-06-15 20:15:19 |
| Message-ID: | CAGHTAeOshJeSsiPYBCEKMyfbVqrsTE0JmG13+NmKbmunuhpD0g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Em qui., 15 de jun. de 2023 às 16:12, OracleDba OracleDba <
paul(dot)gilbert(dot)healy(at)gmail(dot)com> escreveu:
> all our postgres passwords are secured within a Hashicorp Vault.
> Postgres passwords currency cycle every 45 days
> Later this year DBA team will change that to Hourly.
>
> it is easy enough to build a command line interface to retrieve a password
> from the vault
> and it is easy enough to pipe that into a psql session
>
> what I would like to do is either use a command line interface wherein
> I use the PGADMIN master password and perform maintenance on a password of
> a server
> OR have pgadmin use Hashicorp's api to pull password directly from vault.
>
> what are my options?
>
I'm not a pgadmin fan and don't use it but I think it respects the env vars
so PGPASSWORD would be an option as I do for psql here.
So you can try something like, in the same command like :
PGPASSWORD=`vault read your_secret_path_or_plugin` pgadmin
Or do some bash mastery on your .bashrc to read the secret from vault every
time you open your terminal.
Best,
Flavio
| From | Date | Subject | |
|---|---|---|---|
| Next Message | M Sarwar | 2023-06-15 22:50:12 | Re: The same result for with SPACE and without SPACE |
| Previous Message | David G. Johnston | 2023-06-15 18:04:41 | Re: The same result for with SPACE and without SPACE |