Re: pgAdmin in Kubernetes vs master password

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Khushboo Vashi <[email protected]>
To: Morten Bonnerup Rasmussen <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: pgAdmin in Kubernetes vs master password
Date: Mon, 14 Oct 2024 11:50:28 +0530
Message-ID: <CAFOhELfg5DXM0O9So3X0wYhXiKBD7DbsFnML2qmZ_iKNaMXVKw@mail.gmail.com> (raw)
In-Reply-To: <AS8PR07MB91342BD8EC5838E0E1599ED8E6792@AS8PR07MB9134.eurprd07.prod.outlook.com>
References: <AS8PR07MB91342BD8EC5838E0E1599ED8E6792@AS8PR07MB9134.eurprd07.prod.outlook.com>

On Fri, Oct 11, 2024 at 2:00 PM Morten Bonnerup Rasmussen <
[email protected]> wrote:

> Hi
>
> We are working on offering pgAdmin as a centrally managed tool to our
> developers.
> It is deployed in Kubernetes, based on this guide, with OAUTH2 enabled
> (Entra ID):
> Deploying pgAdmin on Kubernetes | EDB (enterprisedb.com)
> <https://www.enterprisedb.com/blog/how-deploy-pgadmin-kubernetes;
>
> But when the service is restarted, we get the master password prompt.
> I get this and can provide it. But if one of our developers is the first
> one to connect and they are prompted, this becomes problematic. They have
> no idea what the master password is.
>
> If you are using pgAdmin in web based multiuser mode with OAuth2, we would
recommend to use the master password and the reasons are mentioned here:
https://www.pgadmin.org/docs/pgadmin4/8.12/master_password.html
You can share this documentation with your developers to understand the
importance of it.

What is the best way to manage this challenge?
> We could disable usage of master password, but it looks like this would
> reduce security.
> Is it not possible to save it as a secret and provide as a parameter
> during startup, similar to the default pgadmin user/password?
>
>
>
> MORTEN BONNERUP RASMUSSEN
>
> TECH RELIABILITY SERVICES   /   SPECIALIST
>
> P
>
>
> +4599423174
>
> M
>
>
> +4530853174
>
> E
>
>
> [email protected] <[email protected]>
>
> W
>
>
> BESTSELLER.COM <http://bestseller.com;
>
> BESTSELLER A/S
>
> FREDSKOVVEJ 1, 7330 BRANDE
>
> DENMARK
>
>
>
>
>


Attachments:

  [image/png] u72xn3tdbm9ocd13img_O6hRpn64oQHurSjbv3.png (1.7K, 3-u72xn3tdbm9ocd13img_O6hRpn64oQHurSjbv3.png)
  download | view image

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: pgAdmin in Kubernetes vs master password
  In-Reply-To: <CAFOhELfg5DXM0O9So3X0wYhXiKBD7DbsFnML2qmZ_iKNaMXVKw@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox