support $POSTGRESQL_PASSWORD_ENCRYPTION env var

sclorg / postgresql-container

PostgreSQL container images based on Red Hat Software Collections and intended for OpenShift and general usage. Users can choose between Red Hat Enterprise Linux, Fedora, and CentOS based images.

http://softwarecollections.org

Apache License 2.0

164 stars 216 forks source link

support $POSTGRESQL_PASSWORD_ENCRYPTION env var #244

Open praiskup opened 6 years ago

praiskup commented 6 years ago

After quick chat with @jesperpedersen, it sounds really desirable to have a way to setup "scram-sha-256" algorithm for password_encryption easily. It can not be set default since clients supporting this auth mechanism are not yet widespread, but per-deployment opt-in would be good.

jesperpedersen commented 6 years ago

password_encryption is the on-disk storage format. If you require scram-sha-256 for login then you replace md5 with scram-sha-256 in pg_hba.conf.

See https://www.postgresql.org/docs/10/static/auth-methods.html#AUTH-PASSWORD

Documentation for scram-sha-256 is at https://www.postgresql.org/docs/10/static/sasl-authentication.html#SASL-SCRAM-SHA-256

jesperpedersen commented 6 years ago

But, yeah - best leave it as an opt-in

pkubatrh commented 1 year ago

Could be added as an option for new instances. Let us try and take a look if we can introduce something in near future.