On 7/8/2015 12:01 PM, Steve Midgley wrote:
My suggestion is to put it in an environment variable and set that variable from a shell startup script that is secured with permissions. (http://www.postgresql.org/docs/9.4/static/libpq-envars.html)
that just moves the problem, now the plaintext password is in a script file somewhere, AND many OS's let other users see your environment.
If you can't do that, the only other method I've used is to setup Postgres with Ansible, and store the Pg passwords in an ansible vault, which is encrypted. Ansible asks for the decrypt key when it runs.
how would that work for unattended scripts, such as cron jobs ? -- john r pierce, recycling bits in santa cruz -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
