Em qui., 15 de jun. de 2023 às 16:12, OracleDba OracleDba <paul.gilbert.healy@xxxxxxxxx> escreveu:
all our postgres passwords are secured within a Hashicorp Vault.
Postgres passwords currency cycle every 45 days
Later this year DBA team will change that to Hourly.
it is easy enough to build a command line interface to retrieve a password from the vault
and it is easy enough to pipe that into a psql session
what I would like to do is either use a command line interface whereinI use the PGADMIN master password and perform maintenance on a password of a server
OR have pgadmin use Hashicorp's api to pull password directly from vault.
what are my options?
I'm not a pgadmin fan and don't use it but I think it respects the env vars so PGPASSWORD would be an option as I do for psql here.
So you can try something like, in the same command like :
PGPASSWORD=`vault read your_secret_path_or_plugin` pgadmin
Or do some bash mastery on your .bashrc to read the secret from vault every time you open your terminal.
Or do some bash mastery on your .bashrc to read the secret from vault every time you open your terminal.
Best,
Flavio
