Search Postgresql Archives

Feature/Suggestion: libpq/psql support for libsecret (formerly gnome-keyring)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I was working with a user and was looking for a convenient and secure method of password storage for `psql`.  I was reminded of the various options, `-p password`, PGPASSWORD, .pgpass and so on.  I was thinking it would be cool if psql/libpq could interact with the system keyring on linux systems, libsecret (formerly gnome-secret, seahorse, etc etc).

It seems like a match made in heaven actually.  libpq stores `hostname:port:database:username:password` and libsecret allows clients to store arbitrary attributes associated with passwords.  Perhaps hostname, port, database and username for example...

It seems like libpq could possibly just use libescret as an alternate backend to using the .pgpass file.

I'm envisioning something like an environment variable PGPASSBACKEND where the values are something like:
auto - (default) try libsecret if available, fall back to current behavior if libsecret is unavailable or a suitable secret isn't found
auto-save - like auto, but automatically save passwords in libsecret if it's unavailable
libsecret - only use libscret, fail if unavailable, fail if password not found
pgpass - current behavior.
(Discussion needed, just brainstorming...)

Clearly there'd have to be some thought around interaction w/ things like the -p -w and -W switches, other environment variables and default behaviors for things like saving secrets in libsecret or not, but I thought I'd start the discussion.

Regards,
-Alan


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux