| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL passphrase prompt external command |
| Date: | 2018-02-26 06:32:36 |
| Message-ID: | FDE39406-5956-43EC-BA13-26285CEAA70C@yesql.se |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 23 Feb 2018, at 11:14, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
>
> Here is a patch that adds a way to specify an external command for
> obtaining SSL passphrases. There is a new GUC setting
> ssl_passphrase_command.
+1 on going down this route.
> Right now, we rely on the OpenSSL built-in prompting mechanism, which
> doesn't work in some situations, including under systemd. This patch
> allows a configuration to make that work, e.g., with systemd-ask-password.
+ replaced by a prompt string. (Write <literal>%%</literal> for a
+ literal <literal>%</literal>.) Note that the prompt string will
I might be thick, but I don’t see where the %% handled? Also, AFAICT a string
ending with %\0 will print a literal % without requiring %% (which may be a
perfectly fine case to allow, depending on how strict we want to be with the
format).
cheers ./daniel
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chapman Flack | 2018-02-26 06:39:30 | Re: Precision loss casting float to numeric |
| Previous Message | Michael Paquier | 2018-02-26 06:23:37 | Re: remove pg_class.relhaspkey |