public inbox for [email protected]
help / color / mirror / Atom feedFrom: Alvaro Herrera <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: What are best practices wrt passwords?
Date: Wed, 16 Oct 2024 16:37:11 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
On 2024-Oct-16, [email protected] wrote:
> I understand why giving the password on the command line or in an
> environment variable is a security risk (because of `ps`), but I do not
> understand why `psql` doesn't have an option like `--password-command`
> accepting a command which then prints the password on stdout. For
> example, I could then use `pass` (https://www.passwordstore.org/) with
> gpg-agent.
We had a patch to add PGPASSCOMMAND once:
https://www.postgresql.org/message-id/flat/CAE35ztOGZqgwae3mBA%3DL97pSg3kvin2xycQh%3Dir%3D5NiwCApiYQ...
I don't remember the overall conclusions (other than the patch being
rejected), but maybe you can give that a read.
--
Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/
view thread (4+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: What are best practices wrt passwords?
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox