At the moment, whenever we use the password field contained in the declared externalCluster.password secret to build the connection information to the PostgreSQL server, we insert the password in the DSN.
The proposal here is to actually leverage the PostgreSQL .pgpass file for this purpose by omitting the password field in the DSN, therefore triggering the password file capability.
The idea is to generate for each externalCluster that contains a password field an entry in the ~/.pgpass file, with the following content:
hostname:port:*:username:password
Note that the dbname is fixed to * as we do not want to discriminate based on the target database, just the pair host:port.
As part of this feature, please make sure that the code is refactored to use this technique every time we use the password field in a way that is potentially and unnecessarily exposed.
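A sketch of the proposal above, added here as an example and not taken from the project's code: it renders one password file line per external cluster, writes the file with mode 0600, and builds a DSN that carries no password. The ExternalCluster type, the function names and the sample values are hypothetical; the backslash escaping of ":" and "\" and the passfile connection parameter follow libpq's documented password file behaviour.

```go
package main
import (
	"fmt"
	"os"
	"strings"
)

// ExternalCluster is a hypothetical stand-in for one externalCluster entry.
type ExternalCluster struct {
	Host, Port, User, Password string
}

// escapeField backslash-escapes "\" and ":", which libpq treats as special.
func escapeField(s string) string {
	return strings.NewReplacer(`\`, `\\`, `:`, `\:`).Replace(s)
}

// PgpassLine renders hostname:port:*:username:password with dbname fixed to "*".
func PgpassLine(c ExternalCluster) string {
	return fmt.Sprintf("%s:%s:*:%s:%s", escapeField(c.Host), c.Port, escapeField(c.User), escapeField(c.Password))
}

// WritePgpass writes one line per cluster that has a password. libpq ignores a
// password file that is readable by group or others, so the mode is forced to 0600.
func WritePgpass(path string, clusters []ExternalCluster) error {
	var b strings.Builder
	for _, c := range clusters {
		if c.Password != "" {
			b.WriteString(PgpassLine(c) + "\n")
		}
	}
	if err := os.WriteFile(path, []byte(b.String()), 0o600); err != nil {
		return err
	}
	return os.Chmod(path, 0o600) // WriteFile keeps the mode of a pre-existing file
}

// DSN omits the password so libpq falls back to the password file.
// Assumes the values contain no spaces or quotes (no DSN quoting is done here).
func DSN(c ExternalCluster, passfile string) string {
	return fmt.Sprintf("host=%s port=%s user=%s passfile=%s", c.Host, c.Port, c.User, passfile)
}

func main() {
	c := ExternalCluster{"pg-source.example.internal", "5432", "streaming_replica", `s3:cr\et`} // constructed sample
	path := os.TempDir() + "/pgpass-example"
	if err := WritePgpass(path, []ExternalCluster{c}); err != nil {
		panic(err)
	}
	fmt.Println(PgpassLine(c), "|", DSN(c, path))
}
```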