Home > mailing lists

Re: pgbackrest - hiding the encryption password - Mailing list pgsql-general

From	David Steele
Subject	Re: pgbackrest - hiding the encryption password
Date	May 19, 2021 21:34:42
Msg-id	f2206cdb-5801-97d0-ee30-6fb7386b594f@pgmasters.net Whole thread Raw
In response to	pgbackrest - hiding the encryption password (Ron <ronljohnsonjr@gmail.com>)
Responses	Re: pgbackrest - hiding the encryption password Re: pgbackrest - hiding the encryption password
List	pgsql-general

Tree view

On 5/19/21 1:49 PM, Ron wrote:
> 
> Currently on our RHEL 7.8 system, /etc/pgbackrest.conf is root:root and 
> 633 perms.  Normally, that's ok, but is a horrible idea when it's a 
> plaintext file, and stores the pgbackrest encryption password.
> 
> Would pgbackrest (or something else) break if I change it to 
> postgres:postgres 600 perms?

Nothing will break as far as I know. As long as pgbackrest can read the 
file it will be happy.

> Is there a better way of hiding the password so that only user postgres 
> can see it?

You could use an environment variable in postgres' environment, see 
https://pgbackrest.org/command.html#introduction.

In this case it would be PGBACKREST_REPO1_CIPHER_PASS=xxx

Regards,
-- 
-David
david@pgmasters.net

pgsql-general by date:

From: atirek khare
Date: 19 May 2021, 21:33:27
Subject: Question: pgp_sym_decrypt/pgp_sym_encrypt

From: Ron
Date: 19 May 2021, 21:37:00
Subject: Re: pgbackrest - hiding the encryption password

Re: pgbackrest - hiding the encryption password - Mailing list pgsql-general

Previous

Next