> On 23 Feb 2018, at 11:14, Peter Eisentraut <peter.eisentr...@2ndquadrant.com> > wrote: > > Here is a patch that adds a way to specify an external command for > obtaining SSL passphrases. There is a new GUC setting > ssl_passphrase_command.
+1 on going down this route. > Right now, we rely on the OpenSSL built-in prompting mechanism, which > doesn't work in some situations, including under systemd. This patch > allows a configuration to make that work, e.g., with systemd-ask-password. + replaced by a prompt string. (Write <literal>%%</literal> for a + literal <literal>%</literal>.) Note that the prompt string will I might be thick, but I don’t see where the %% handled? Also, AFAICT a string ending with %\0 will print a literal % without requiring %% (which may be a perfectly fine case to allow, depending on how strict we want to be with the format). cheers ./daniel
