Hi Lutz, Did you try removing pgpass from configs? PGPASS_FILE should be enough.
On Wed, Mar 26, 2025 at 3:05 PM Lutz Badenheuer <l...@lukenukem.de> wrote: > Hello everybody, > > I'd like to deploy PgAdmin4 with Ansible to a Docker Swarm cluster without > any > authentication and authorization, as it will not be exposed to the public. > > Only internal SSH users will be able to access the SSH tunnel endpoint, a > unix > domain socket. These users are already authenticated with their SSH public > key > and a second factor, and each of them is an experienced, trusted user. > > Unfortunately, PgAdmin4 makes it very hard for me to accomplish this, or > maybe > I didn't find or understand the relevant documentation. I have already > managed > to automatically login into PgAdmin4 by forcing it into desktop mode, but > when > I try to open a database in the menu on the left side, PgAdmin4 keeps > asking > for a password -- which has already been supplied with a PGPASS_FILE. > > Please, don't get me wrong: I highly appreciate when developers try to > develop > their software as secure as possible, thus protecting unexperienced users > from > insecure setups. And to be honest, I'm also not happy with having to force > the > software into desktop mode just to circumvent having to log into PgAdmin4. > But > then, having to spread passwords and add documentation to our projects > just so > my users can access that database doesn't make me happy either. > > What I have already accomplished and tried so far: > > - force PgAdmin4 into desktop mode (PGADMIN_CONFIG_SERVER_MODE: "False"), > thus > omitting the need to login into PgAdmin4 > - adding a PGPASS_FILE (with and without leading dots) with Docker configs > to > - /var/lib/pgadmin/pgpass > - /var/lib/pgadmin/pgpass/storage/sw_lukenukem.de/pgpass > - setting the correct password in servers.json with the settings > - Password > - PassFile > > At the moment, the service configuration in my docker-compose.yml looks > like > so (and no, please rest assured that s3cR3t is not the real password ;-): > > --snip----- > pgadmin: > image: dpage/pgadmin4:latest > environment: > PGADMIN_DEFAULT_EMAIL: "s...@lukenukem.de" > PGADMIN_DEFAULT_PASSWORD: "s3cR3t" > PGADMIN_LISTEN_ADDRESS: "0.0.0.0" > PGADMIN_DISABLE_POSTFIX: "True" > PGADMIN_CONFIG_SERVER_MODE: "False" > PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: "False" > PGPASS_FILE: "/var/lib/pgadmin/pgpass" > configs: > - source: servers_json > target: /pgadmin4/servers.json > - source: pgpass > target: /var/lib/pgadmin/pgpass > uid: "5050" > gid: "0" > mode: 0600 > - source: pgpass > target: /var/lib/pgadmin/storage/sw_lukenukem.de/pgpass > uid: "5050" > gid: "0" > mode: 0600 > --snip----- > > However, after reading the documentation over and over and playing around > with > several configuration options, I'm at the end of my ideas. Any suggestions > and > hints are very welcome. If you need more information, please let me know. > > Thank you in advance and please excuse my bad english, I know I lack > training. > > Best wishes, > Lutz > -- Thanks, Aditya Toshniwal pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com* <https://www.enterprisedb.com/> "Don't Complain about Heat, Plant a TREE"
