> On 23 Feb 2018, at 11:14, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
>
> Here is a patch that adds a way to specify an external command for
> obtaining SSL passphrases. There is a new GUC setting
> ssl_passphrase_command.
+1 on going down this route.
> Right now, we rely on the OpenSSL built-in prompting mechanism, which
> doesn't work in some situations, including under systemd. This patch
> allows a configuration to make that work, e.g., with systemd-ask-password.
+ replaced by a prompt string. (Write <literal>%%</literal> for a
+ literal <literal>%</literal>.) Note that the prompt string will
I might be thick, but I don’t see where the %% handled? Also, AFAICT a string
ending with %\0 will print a literal % without requiring %% (which may be a
perfectly fine case to allow, depending on how strict we want to be with the
format).
cheers ./daniel
