pgAdmin in Kubernetes vs master password - Morten Bonnerup Rasmussen

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Morten Bonnerup Rasmussen <[email protected]>
To: [email protected] <[email protected]>
Subject: pgAdmin in Kubernetes vs master password
Date: Fri, 11 Oct 2024 08:30:36 +0000
Message-ID: <AS8PR07MB91342BD8EC5838E0E1599ED8E6792@AS8PR07MB9134.eurprd07.prod.outlook.com> (raw)

Hi

We are working on offering pgAdmin as a centrally managed tool to our developers.
It is deployed in Kubernetes, based on this guide, with OAUTH2 enabled (Entra ID):
Deploying pgAdmin on Kubernetes | EDB (enterprisedb.com)<https://www.enterprisedb.com/blog/how-deploy-pgadmin-kubernetes;

But when the service is restarted, we get the master password prompt.
I get this and can provide it. But if one of our developers is the first one to connect and they are prompted, this becomes problematic. They have no idea what the master password is.

What is the best way to manage this challenge?
We could disable usage of master password, but it looks like this would reduce security.
Is it not possible to save it as a secret and provide as a parameter during startup, similar to the default pgadmin user/password?

MORTEN BONNERUP RASMUSSEN

TECH RELIABILITY SERVICES   /   SPECIALIST

P

+4599423174

M

+4530853174

E

[email protected]<mailto:[email protected]>

W

BESTSELLER.COM<http://bestseller.com;

BESTSELLER A/S

FREDSKOVVEJ 1, 7330 BRANDE

DENMARK

[cid:eefe2496-3470-4a4d-867c-cf56bae1f259]

Attachments:

  [image/png] u72xn3tdbm9ocd13img_O6hRpn64oQHurSjbv3.png (1.7K, 3-u72xn3tdbm9ocd13img_O6hRpn64oQHurSjbv3.png)
  download | view image

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: pgAdmin in Kubernetes vs master password
  In-Reply-To: <AS8PR07MB91342BD8EC5838E0E1599ED8E6792@AS8PR07MB9134.eurprd07.prod.outlook.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox