On 5/19/21 1:49 PM, Ron wrote:
>
> Currently on our RHEL 7.8 system, /etc/pgbackrest.conf is root:root and
> 633 perms. Normally, that's ok, but is a horrible idea when it's a
> plaintext file, and stores the pgbackrest encryption password.
>
> Would pgbackrest (or something else) break if I change it to
> postgres:postgres 600 perms?
Nothing will break as far as I know. As long as pgbackrest can read the
file it will be happy.
> Is there a better way of hiding the password so that only user postgres
> can see it?
You could use an environment variable in postgres' environment, see
https://pgbackrest.org/command.html#introduction.
In this case it would be PGBACKREST_REPO1_CIPHER_PASS=xxx
Regards,
--
-David
david(at)pgmasters(dot)net