On 22.2.2014 00:02, Josh Berkus wrote:
> On 02/21/2014 09:11 AM, Tomas Vondra wrote:
>> What I think might be useful and safe at the same time is encrypted
>> .pgpass with tools asking for the encryption key. Think of it as a simple
>> password wallet - not really useful if you're connecting to a single
>> database, very useful if you have many as you only need to remember the
>> single password.
>
> Sounds interesting, but probably better as an external utility than
> as part of PostgreSQL. Call it pgWallet.

Depends on how you define external utility. It certainly needs to be
somehow integrated with the tools using .pgpass. Do you have something
particular in mind?

While libsecret may look like a good choice, it kinda requires Gnome or
KDE (or some other desktop environment supporting it) running, as it's
just a proxy to the services provided by these environments. I'd bet most
server installations won't have that installed, and in such cases it's
pointless. Maybe it can be forwarded to the original machine somehow
(something like what 'ssh -A' does), I'm not sure.

I would prefer something self-contained, not requiring a lot of other
stuff installed.

What I envisioned is a simple wallet (basically encrypted .pgpass) with a
simple management command-line tool. Let's call that 'pgpass', with these
options:

   pgpass list
   pgpass add
   pgpass rm

I'm fully aware that writing a good / reliable / secure tool for storing
passwords is tricky, and if there's something implemented and usable,
let's use that.

I'm also wondering how well the existing solutions will support the
host/database/user/password model, with wildcards for some of the fields.
I'd guess most of them use simple username/password pairs.

regards
Tomas
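
The host/database/user/password model with wildcards that the message above refers to, shown as an added example that is not part of the original thread and is not PostgreSQL's own code. It assumes the documented .pgpass line format (hostname:port:database:username:password, "*" as a whole-field wildcard, first match wins); the function names and sample entries are constructed for illustration.

```python
# Added illustration; not code from PostgreSQL or from the thread.
# Assumes the documented .pgpass line format:
#   hostname:port:database:username:password
# where "*" in any of the first four fields matches anything, "\:" and "\\"
# are escapes, and the first matching line wins.

def split_fields(line):
    """Split one entry on unescaped ':' and resolve backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # escaped character is taken literally
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields

def lookup(pgpass_text, host, port, database, user):
    """Return the password of the first matching entry, or None."""
    wanted = (host, str(port), database, user)
    for raw in pgpass_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        fields = split_fields(raw)
        if len(fields) != 5:
            continue  # malformed entry, ignored in this sketch
        if all(p == "*" or p == w for p, w in zip(fields[:4], wanted)):
            return fields[4]
    return None

# Constructed sample entries (hosts, users and passwords are made up).
SAMPLE = r"""
# hostname:port:database:username:password
db1.example.org:5432:sales:alice:pw\:with\:colons
db1.example.org:*:*:alice:alice-default
*:*:*:reporting:ro-pass
"""

if __name__ == "__main__":
    print(lookup(SAMPLE, "db1.example.org", 5432, "sales", "alice"))
    print(lookup(SAMPLE, "db1.example.org", 5433, "hr", "alice"))
    print(lookup(SAMPLE, "db9.example.org", 5432, "hr", "reporting"))
    print(lookup(SAMPLE, "db9.example.org", 5432, "hr", "alice"))
```

A store keyed only on username/password pairs has no place for this ordered, four-field match, so a wallet built on one would have to carry the matching rules itself.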