Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support $POSTGRESQL_PASSWORD_ENCRYPTION env var #244

Open
praiskup opened this issue Mar 5, 2018 · 3 comments
Open

support $POSTGRESQL_PASSWORD_ENCRYPTION env var #244

praiskup opened this issue Mar 5, 2018 · 3 comments
Labels
easyfix

Comments

@praiskup
Copy link
Contributor

praiskup commented Mar 5, 2018

After quick chat with @jesperpedersen, it sounds really desirable to have a way to setup "scram-sha-256" algorithm for password_encryption easily. It can not be set default since clients supporting this auth mechanism are not yet widespread, but per-deployment opt-in would be good.
@jesperpedersen
Copy link

password_encryption is the on-disk storage format. If you require scram-sha-256 for login then you replace md5 with scram-sha-256 in pg_hba.conf.

See https://www.postgresql.org/docs/10/static/auth-methods.html#AUTH-PASSWORD

Documentation for scram-sha-256 is at https://www.postgresql.org/docs/10/static/sasl-authentication.html#SASL-SCRAM-SHA-256

@jesperpedersen
Copy link

But, yeah - best leave it as an opt-in

@pkubatrh
Copy link
Member

Could be added as an option for new instances. Let us try and take a look if we can introduce something in near future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
easyfix
Projects
Containers
Status: Easy-fix
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jesperpedersen @praiskup @pkubatrh