How to fork pg_dump or psql w/o leaking secrets? - Mailing list pgsql-general

From Dominique Devienne
Subject How to fork pg_dump or psql w/o leaking secrets?
Date
Msg-id CAFCRh-_wXVEVx9y3OUama5Qjp7_-LuUq-pkhyo7=o1iJwrq1zQ@mail.gmail.com
Whole thread Raw
Responses Re: How to fork pg_dump or psql w/o leaking secrets?
List pgsql-general
Hi. To administer our PostgreSQL-based system, we have custom tools
to manage the schemas, load data, etc... Including a versatile CLI tool.

But that tool is special purpose, while sometimes we want/need the general
purpose PSQL. But because our ROLE and SCHEMA names are rather long
and unwieldly, it's cumbersome to SET ROLE and SET SEARCH_PATH manually
to setup the session for easy access to the data. Thus I'd like to fork PSQL from
our tool, which requires reconnecting to the server (thus possibly "secrets"),
and I also need to run some PSQL \commands and SQL to config PSQL correctly
for the context our tool was run with (i.e. our tool's own CLI options).

So how would I:
1) "pass secrets" somehow, so they don't leak to the PS command for example. stdin?
2) configure the forked PSQL in terms of SET ROLE, SET SEARCH_PATH, and possible other \commands?

In a very similar vein, I do my own backups using COPY, similar to [pg_dumpbinary][1],
for the same reasons, but using a different "container" (not several files), for several reasons,
but I'd like to reuse `pg_dump --pre/post-data` by also forking it, with the save issue #1 above,
to take care of the DDLs for me, while I handle the DMLs myself.

Does anybody have experience doing something similar?
Any public example anywhere?
Otherwise, any advice on how best to do it?

Thanks, --DD

pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: whether I can add a new encoding?
Next
From: Elango Thiagarajan
Date:
Subject: Migration of Oracle Vault to Postgres