Command to generate hashed password

MrFoxPro commented 10 months ago

There is only one way to set hashed password in edgedb: via CLI. When running edgedb it's often useful to configure user in startup script, like this:

systemd.services.edgedb = {
  # ...
  path = ["/nix/var/nix/profiles/per-user/root/edgedb"];
  script = concatStringsSep " \\\n" [
    "edgedb-server"
    "--runstate-dir=/run/edgedb"
    "--backend-dsn=postgresql://?host=/run/postgresql"
  ];
  postStart = ''
    while [ ! -S ${edb.socket} ]; do sleep 2; done
    chmod g+rw ${edb.socket}
    ${edb.cmd} query 'ALTER ROLE edgedb SET password_hash := "${edb.password_hash}";' ||:
  '';
  # ...
};

And there is no way to do this. To achieve that, I'm running Rust tests from this repo with modified code to get generated hashed password:

#[test]
pub fn test_bootstrap_script(){
    let pass = "mypassword";
    let output = bootstrap_script("edgedb", "edgedb", pass);
    println!("initial script is: {}", output);
}

I think it's worth to add command to generate hashed password from CLI.

raddevon commented 10 months ago

Maybe do this in your --bootstrap-command?

MrFoxPro commented 10 months ago

Maybe do this in your --bootstrap-command?

Then I forced to store actual password in plaintext if not using some special tool to read it from file.

raddevon commented 10 months ago

I thought your goal was to store a hash, not a plain text password…

edgedb / edgedb-cli

Command to generate hashed password #1192