pgbouncer icon indicating copy to clipboard operation
pgbouncer copied to clipboard

Published 20 hours ago verified publisher icon brainsam

Don't reveal the password on startup

Open gjcarneiro opened this issue 6 years ago • 6 comments

When I get the logs of my container, I get something like:

create pgbouncer config in /etc/pgbouncer
#pgbouncer.ini
# Description
# Config file is in “ini” format. Section names are between “[” and “]”.
# Lines starting with “;” or “#” are taken as comments and ignored.
# The characters “;” and “#” are not recognized when they appear later in the line.
[databases]
* = host=aux-db.gambit port=5432 user=grafana password=THE_REAL_PASSWORD
[...]

Now, THE_REAL_PASSWORD is supposed to be secret, I would prefer it if it weren't logged!

gjcarneiro avatar Mar 15 '18 15:03 gjcarneiro

If any one else comes across this, just set $QUIET=true and the config file won't be printed out on startup.

https://github.com/brainsam/pgbouncer/blob/master/entrypoint.sh#L120

rhefner1 avatar Sep 05 '18 10:09 rhefner1

@rhefner1 could you close this ticket? if there is no further things to do

toloco avatar Jun 24 '20 12:06 toloco

@rhefner1 could you close this ticket? if there is no further things to do

@gjcarneiro is the creator of the issue. I can't close it. :)

rhefner1 avatar Jun 25 '20 21:06 rhefner1

Well, I would prefer that the container had some conservative security-conscious default behaviour. I shouldn't need to set QUIET env. The default behaviour should be sane.

gjcarneiro avatar Jun 25 '20 21:06 gjcarneiro

I see, Im gonna take care of this then, could we trade with the other PR? ;)

toloco avatar Jun 26 '20 11:06 toloco

https://github.com/brainsam/pgbouncer/pull/28

toloco avatar Jun 26 '20 12:06 toloco