Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1t14pe-00EcMW-Rl
	for pgsql-general@arkaria.postgresql.org; Wed, 16 Oct 2024 14:16:58 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1t14pd-0043Kb-5s
	for pgsql-general@arkaria.postgresql.org; Wed, 16 Oct 2024 14:16:57 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <felix.quintgz@yahoo.com>)
	id 1t14pc-0043KS-Cj
	for pgsql-general@lists.postgresql.org; Wed, 16 Oct 2024 14:16:57 +0000
Received: from sonic316-20.consmr.mail.ne1.yahoo.com ([66.163.187.146])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <felix.quintgz@yahoo.com>)
	id 1t14pZ-001Mq0-8B
	for pgsql-general@postgresql.org; Wed, 16 Oct 2024 14:16:56 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1729088210; bh=7zFCyjN5BCO94jodHkbmw0svgtv+L0UhLJqRq08cExQ=; h=Date:From:To:In-Reply-To:References:Subject:From:Subject:Reply-To; b=IwajHh7HasyqTZthO57vrK/NDBuMRUsQQlj9Fnh3T6uHiVaJFAbScg28SthOuLZKYlUmG3eB/LbA0P9v4C8wAaLE2BkYiAsJfW351nRvWstwb2jTs6IwjVs7FUlc3/JFXXWQKmt+1qmPw9CMd7RIXd9hQobmhqLgVktXzDgIECNZwwkP65s9VM9zfAX3NtMVef0sf/OcJbCaz1qZZ2QzwA6bLUGK9keCQe5RHtXgVLl3sF45qd49XRouHst9t5oYEZFDBCgu4oZIvibh+8CTf6f9GSrj8uGx+0SE6W2haiImTo3v7LfGMZFClxwUA4hQunAZJFQ5Kl8P2r8ong5ZVQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1729088210; bh=5VuZj1SqUeQ/h28pYDpHG2CpYPHKNOI6DAar+ZEdN9a=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=Uynpip8FOG+2I53784OQpDn1mSfi9JS6NGFYFRyAiQuoZt/IGpm1WFpwcVGaZsheYLpTRLD+pbfXz4Cv2UUOtqXh3eQkX+wdloBpwezN+OMKiM9gUWWJ3lQl7JBQ1w/j0jrg0Ux/2jWzpXyg/K3KpOUXBZmYitHLq23rGXU5R8HS9CBmXL9MaJHYN1Qvkr3IKOu/MYdH7auWFjU+6y4iPadz/UQRV+OP8jkzBFSm5vn4pmk3c9s9M9T/UdhQx+2aRkVO/BqztR7AhCLAbLGbK9yM/cTa51bXh0HLpTQbQGGCUrgOImBCPagqUukNEnQ0BRqDpv7EWx4+rIPUZ0AHbw==
X-YMail-OSG: 2TOW91wVM1kwyFxhjg3VFbzFxyAIbD5_OrHEluBUs4iI0MofTLnRwzXPfAmgn6I
 UFP2J4IQU1H63aZ4989161lcYNBTK5TgrI40EooO2Y9JYp0lG5x_T3vEEckv0s_bCzsaN6kClQ05
 bcrXuT7tjXFcxlW5GcP8c0N95ipLZw2i6T45nY84bAkYEGFOhPwmDttwzqPQZqdpCXIoenxLESWb
 ITmxZ7CSp0S4Hr5hc29KdYiGeuerBRI9G19THjEZMGcWIPNOgfSW1n.Ht8dWm2j1xJu83iv0N_i4
 9V3D1rRDUbdN_gk_qJ2C1yYcs8VG0nnKTjFXH8S7n1ktnEwOpYoybl_UcMV2rVOWXQpeks3MqUmD
 1Nag1kYWOjKsV9MpICS_Ax9g55c6UFQ_svYmm9uKrjlueB68VUmND6uWOxQak6NpZFGSNKxbbZZm
 GWuM9v0l_6WQ5rri2bH6h5anslJx88G0_bZ4OXiJiFPkRyEUKAaqYsl3kg6hwMVdws..3fxE3aBM
 kIuF4Iev1Lkfgk4qeIYNJYVuHZChmUhYPGhmFZ9On.Nj7ysv69cv7QxVj0QrJnhQ8hmixBzj9XpW
 3iBMXfRSShjfbSu9hhfIGCEfzpSIVPfAXOkRcQTLFxgOR6mP3mWaXaWTWicYuSryLihmnibHYkrR
 _.YB3pCzEca8TMxF8E.ZLbs_e5IeCOVKEuDPaUkyahPJ4E4ysEnHGEdRubjXM2BPqVf7SDIEc0C5
 q9wFsyDm.Uez6dVidcZhKnMAsd.fulz__xWE24fup4ozjhvlozII3fOngYVXHeYJ5qWMvAqpyaTO
 9rRm5P1rOSNLyGn43GjqqRIOB_UUl.w_82hp4D4Pgn0V.nvHaRMASG18zcAwHxkDqljWax3OoPja
 bZYruigrqPnZwYQ16KGeTbB3EsCpH9Ber_7YQNbzxwJL7XTxn.1HJzTXoUtSVs9r2tC16Mz9brMV
 rJlmjaiF7r7sB2qLcvcQpJ_OeIypSJpUd8tAFrSIwBRzURpl7lUBcw2c7pAmdM8tdsLRQt3iNa2Z
 MIKKYIOdwpbYja1Iy6krldL3lTNAoC3BHDO06q0HfCA.X1RnALC_LFddVGltE8NMBCBt6kPKp3qm
 q1acRVR_AnBIM38oXziun7MAC57wpaWA.rjzBBUx2XFIKZQ9h.C167_F5DtVcSU1b3a.QmyBGogi
 deEW1ygH.x_AEPEEaoSkeuLljSPpLxIunLfJACuF9DpuxjXORfhJm3E8wp82esbcUTdWOOzOS.YU
 3Xs5sAeZWzwPR_wXkXnayMdSa27ISM5_lHnB2qy7lU_mlxo.qATWNtHqwkyKv24ZA1wVeZd0Bmfd
 XweAvGVsIVEC16ylYeEFVjgJMH59vr8IhvfHUO2bJwq2_.JZ4z1eI625PRsA7HtrtQKk89rH6Ib3
 d3HaHcwrDuhoXdH90LSMjsPbDilNtEJ8ziY7YNG6cYSCzN5bY9XqqdHTw_yiJ3NbXhQ8_.LkRR2.
 0P_4XDQK.3fetXSQYIqxC2pdJNI1KOfoNJ2UpUO97lwkLzfeYLWU9LmUgYu7pa5.esb5agZJCrKb
 5dT_x.h1HIXg784asxTwZy1qVjRF0jnHMNtavowNZ_B96IzILq8Iv7qnEkEu3cWBOgRMvinixpad
 MYF3VEcbN6Fwp0hNPIX3VeF_J5xBbYljK.FmqebAb.GzQEqRcLl9ojyhnDD30owtBDR5AJR0GAYx
 kkZZTKogZ0QE4..wVrMRiXTmn3.P66xTprVBMs_xpEsCFUS9y5YNK.x7EMpCSnXj6qGMA1vtQvSG
 tNcFvdLbuUGGtCF2JoD7mnEIOyzo3xhS2SY82ItG_MdX2hxabhb9J.KKhB0eNJp7Re0rUAfCmxsv
 BsXLspF19uYHrSHB5GaHAC.8boFoQWdHKUmmk1Bjfm.8t6GVQeLE_39oWr3Liy2GAr4jR0KAAVbU
 mhO9ytzRIkbC2AHDBysM4j0Q6Ws.EpOo01KFUHsgfiRkYBi2D2g5wiBI0mw54t0BPZKLFskGahix
 GWEmJJnCrGL6Iibrd5VrrQ06pgcU0aiUf5zzu1NnmvjNB2cYilpVMO_KuxOd_fzeSlG66gkGSXQu
 4dX1OEeVCbIK7nTzAjtiDO2E776GEJuWs0Vn_yfLifbiyvQmtP6Qg7CZ1bwjKJhXMwUZC_aq7J6p
 qvzUwdihurJmLNsCCuOnI7HNC2zX2a98xN2UL7th_SYfbo3h3IlNQqLkLBkifMtGGVHJpzWEdHoz
 yejY6ofJSZQy81u3HcGTdtQwm
X-Sonic-MF: <felix.quintgz@yahoo.com>
X-Sonic-ID: 55a3dbd4-72b8-44ca-8e4d-47db7b228fec
Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.ne1.yahoo.com with HTTP; Wed, 16 Oct 2024 14:16:50 +0000
Date: Wed, 16 Oct 2024 14:16:45 +0000 (UTC)
From: felix.quintgz@yahoo.com
To: pgsql-general@postgresql.org
Message-ID: <48574746.2559694.1729088205609@mail.yahoo.com>
In-Reply-To: <87o73kgzkd.fsf@mbork.pl>
References: <87o73kgzkd.fsf@mbork.pl>
Subject: Re: What are best practices wrt passwords?
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Mailer: WebService/1.1.22806 YMailNodin
Content-Length: 1292
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/48574746.2559694.1729088205609%40mail.yahoo.com>
Precedence: bulk

Use the PGPASSWORD environment variable.
Example:

SET PGPASSWORD=3DP0stgres
psql -h localhost -p 5432 -U postgres -d postgres -c "SELECT 1;'"

https://www.postgresql.org/docs/current/libpq-envars.html


 On Wednesday, October 16, 2024 at 08:26:05 AM GMT-4, <mbork@mbork.pl> wrot=
e:

 Hello all,

I'd like to be able to use psql without typing passwords again and
again.=C2=A0 I know about `.pgpass` and PGPASSFILE, but I specifically do n=
ot
want to use it - I have the password in the `.env` file, and having it
in _two_ places comes with its own set of problems, like how to make
sure they don't get out of sync.

I understand why giving the password on the command line or in an
environment variable is a security risk (because of `ps`), but I do not
understand why `psql` doesn't have an option like `--password-command`
accepting a command which then prints the password on stdout.=C2=A0 For
example, I could then use `pass` (https://www.passwordstore.org/) with
gpg-agent.

Is there any risk associated with this usage pattern?=C2=A0 What is the
recommended practice in my case other than using `.pgpass`?

Thanks in advance,

P.S. Please CC me in replies, since I'm not subscribed to the list.
Thanks.

--
Marcin Borkowski
https://mbork.pl
https://crimsonelevendelightpetrichor.net/