Re: What are best practices wrt passwords?
Alvaro Herrera <alvherre@alvh.no-ip.org>
From: Alvaro Herrera <alvherre@alvh.no-ip.org>
To: mbork@mbork.pl
Cc: pgsql-general@postgresql.org
Date: 2024-10-16T14:37:11Z
Lists: pgsql-general
On 2024-Oct-16, mbork@mbork.pl wrote: > I understand why giving the password on the command line or in an > environment variable is a security risk (because of `ps`), but I do not > understand why `psql` doesn't have an option like `--password-command` > accepting a command which then prints the password on stdout. For > example, I could then use `pass` (https://www.passwordstore.org/) with > gpg-agent. We had a patch to add PGPASSCOMMAND once: https://www.postgresql.org/message-id/flat/CAE35ztOGZqgwae3mBA%3DL97pSg3kvin2xycQh%3Dir%3D5NiwCApiYQ%40mail.gmail.com I don't remember the overall conclusions (other than the patch being rejected), but maybe you can give that a read. -- Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/