Passing Postgres database user password as an argument?

[Dangeranger]

Hello,

I noticed that you support the following for passing parameters to the /etc/duply/postgres/pre backup bash script

# Posgresql
backup_postgres_user: postgres
backup_postgres_host: ""

Do you support passing a password argument for the database into this script as well? I would prefer to not have to set a trust within a pg_hba.conf file for whichever user is being used for backup access.

Is this something that needs to be set as an environment variable, or passed within the backup_profile[:source] ?

[Dangeranger]

Sorry, it looks like postgresql doesn't allow automated password passing in scripts as an argument and requires that a file be present in the users $HOME dir at ~/.pgpass and have permissions set as 0600

I think that the instructions below will work, even for the postgres user, however you will need to know the postgres users PostgreSQL password for the ~/.pgpass file creation.

$ sudo su - database_user
$ echo " localhost:5432:mydbname:database_user:mypass" > ~/.pgpass
$ chmod 0600 ~/.pgpass

Official Postgres pgpass documentation Stackoverflow - Using ~/.pass QA Stackoverflow posgres user security

[holms]

@Dangeranger without you, i'd die in here.. thanks for this.. such a strange approach...

[Dangeranger]

@holms Glad I could help

[holms]

I think I've found something that works for your issue. Adding global variable before pg_dump command in pre.j2 makes it work

PGPASSWORD={{ backup_postgresl_pass }} pg_dump...

@Stouts would you accept pull request?

[Dangeranger]

@holms That would work. I haven't touched this project in 9 months, but I believe that his configuration would be useful for others.

[holms]

Last commit 13 hours so it's still alive :D @Dangeranger can you re-open this ticket? I'll submit pull request

[klen]

@holms PR is very welcome