public inbox for [email protected]
help / color / mirror / Atom feedpgAdmin in Kubernetes vs master password
2+ messages / 2 participants
[nested] [flat]
* pgAdmin in Kubernetes vs master password
@ 2024-10-11 08:30 Morten Bonnerup Rasmussen <[email protected]>
2024-10-14 06:20 ` Re: pgAdmin in Kubernetes vs master password Khushboo Vashi <[email protected]>
0 siblings, 1 reply; 2+ messages in thread
From: Morten Bonnerup Rasmussen @ 2024-10-11 08:30 UTC (permalink / raw)
To: [email protected] <[email protected]>
Hi
We are working on offering pgAdmin as a centrally managed tool to our developers.
It is deployed in Kubernetes, based on this guide, with OAUTH2 enabled (Entra ID):
Deploying pgAdmin on Kubernetes | EDB (enterprisedb.com)<https://www.enterprisedb.com/blog/how-deploy-pgadmin-kubernetes;
But when the service is restarted, we get the master password prompt.
I get this and can provide it. But if one of our developers is the first one to connect and they are prompted, this becomes problematic. They have no idea what the master password is.
What is the best way to manage this challenge?
We could disable usage of master password, but it looks like this would reduce security.
Is it not possible to save it as a secret and provide as a parameter during startup, similar to the default pgadmin user/password?
MORTEN BONNERUP RASMUSSEN
TECH RELIABILITY SERVICES / SPECIALIST
P
+4599423174
M
+4530853174
E
[email protected]<mailto:[email protected]>
W
BESTSELLER.COM<http://bestseller.com;
BESTSELLER A/S
FREDSKOVVEJ 1, 7330 BRANDE
DENMARK
[cid:eefe2496-3470-4a4d-867c-cf56bae1f259]
Attachments:
[image/png] u72xn3tdbm9ocd13img_O6hRpn64oQHurSjbv3.png (1.7K, 3-u72xn3tdbm9ocd13img_O6hRpn64oQHurSjbv3.png)
download | view image
^ permalink raw reply [nested|flat] 2+ messages in thread
* Re: pgAdmin in Kubernetes vs master password
2024-10-11 08:30 pgAdmin in Kubernetes vs master password Morten Bonnerup Rasmussen <[email protected]>
@ 2024-10-14 06:20 ` Khushboo Vashi <[email protected]>
0 siblings, 0 replies; 2+ messages in thread
From: Khushboo Vashi @ 2024-10-14 06:20 UTC (permalink / raw)
To: Morten Bonnerup Rasmussen <[email protected]>; +Cc: [email protected] <[email protected]>
On Fri, Oct 11, 2024 at 2:00 PM Morten Bonnerup Rasmussen <
[email protected]> wrote:
> Hi
>
> We are working on offering pgAdmin as a centrally managed tool to our
> developers.
> It is deployed in Kubernetes, based on this guide, with OAUTH2 enabled
> (Entra ID):
> Deploying pgAdmin on Kubernetes | EDB (enterprisedb.com)
> <https://www.enterprisedb.com/blog/how-deploy-pgadmin-kubernetes;
>
> But when the service is restarted, we get the master password prompt.
> I get this and can provide it. But if one of our developers is the first
> one to connect and they are prompted, this becomes problematic. They have
> no idea what the master password is.
>
> If you are using pgAdmin in web based multiuser mode with OAuth2, we would
recommend to use the master password and the reasons are mentioned here:
https://www.pgadmin.org/docs/pgadmin4/8.12/master_password.html
You can share this documentation with your developers to understand the
importance of it.
What is the best way to manage this challenge?
> We could disable usage of master password, but it looks like this would
> reduce security.
> Is it not possible to save it as a secret and provide as a parameter
> during startup, similar to the default pgadmin user/password?
>
>
>
> MORTEN BONNERUP RASMUSSEN
>
> TECH RELIABILITY SERVICES / SPECIALIST
>
> P
>
>
> +4599423174
>
> M
>
>
> +4530853174
>
> E
>
>
> [email protected] <[email protected]>
>
> W
>
>
> BESTSELLER.COM <http://bestseller.com;
>
> BESTSELLER A/S
>
> FREDSKOVVEJ 1, 7330 BRANDE
>
> DENMARK
>
>
>
>
>
Attachments:
[image/png] u72xn3tdbm9ocd13img_O6hRpn64oQHurSjbv3.png (1.7K, 3-u72xn3tdbm9ocd13img_O6hRpn64oQHurSjbv3.png)
download | view image
^ permalink raw reply [nested|flat] 2+ messages in thread
end of thread, other threads:[~2024-10-14 06:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2024-10-11 08:30 pgAdmin in Kubernetes vs master password Morten Bonnerup Rasmussen <[email protected]>
2024-10-14 06:20 ` Khushboo Vashi <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox