Search Postgresql Archives

Re: pgbackrest - hiding the encryption password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5/19/21 2:48 PM, Ron wrote:
On 5/19/21 1:34 PM, David Steele wrote:
On 5/19/21 1:49 PM, Ron wrote:

Currently on our RHEL 7.8 system, /etc/pgbackrest.conf is root:root and 633 perms.  Normally, that's ok, but is a horrible idea when it's a plaintext file, and stores the pgbackrest encryption password.

Would pgbackrest (or something else) break if I change it to postgres:postgres 600 perms?

Nothing will break as far as I know. As long as pgbackrest can read the file it will be happy.

Is there a better way of hiding the password so that only user postgres can see it?

You could use an environment variable in postgres' environment, see https://pgbackrest.org/command.html#introduction.

In this case it would be PGBACKREST_REPO1_CIPHER_PASS=xxx

Similarly there's PGBACKREST_REPO1_CIPHER_TYPE?

All options can be set through the environment. See the link for details.

Regards,
--
-David
david@xxxxxxxxxxxxx





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux