Open akamath46297 opened 5 years ago
This can be currently worked around by setting up the password directly in the settings.json, can't it?
PostgreSQL clients that are based upon libpq also lookup passwords from the pgpass
file. Maybe its possible to lookup if passwords are defined at this location? https://www.postgresql.org/docs/current/libpq-pgpass.html
Since .pgpass
is not a secure store, I wouldn't advocate for the extension adding to it, but if the password for a server is already stored in that file, using it seems safe?
Though that asymmetry might be rather confusing for some
Users should be able to provide a consent to store the password in the persistent store which the connection manager would utilize for future connections