edgedb-cli Command to generate hashed password

Command to generate hashed password

Open MrFoxPro opened this issue 1 year ago • 3 comments

There is only one way to set hashed password in edgedb: via CLI. When running edgedb it's often useful to configure user in startup script, like this:

systemd.services.edgedb = {
  # ...
  path = ["/nix/var/nix/profiles/per-user/root/edgedb"];
  script = concatStringsSep " \\\n" [
    "edgedb-server"
    "--runstate-dir=/run/edgedb"
    "--backend-dsn=postgresql://?host=/run/postgresql"
  ];
  postStart = ''
    while [ ! -S ${edb.socket} ]; do sleep 2; done
    chmod g+rw ${edb.socket}
    ${edb.cmd} query 'ALTER ROLE edgedb SET password_hash := "${edb.password_hash}";' ||:
  '';
  # ...
};

And there is no way to do this. To achieve that, I'm running Rust tests from this repo with modified code to get generated hashed password:

#[test]
pub fn test_bootstrap_script(){
    let pass = "mypassword";
    let output = bootstrap_script("edgedb", "edgedb", pass);
    println!("initial script is: {}", output);
}

I think it's worth to add command to generate hashed password from CLI.

Dec 19 '23 03:12 MrFoxPro

Maybe do this in your --bootstrap-command?

Dec 19 '23 12:12 raddevon

Maybe do this in your --bootstrap-command?

Then I forced to store actual password in plaintext if not using some special tool to read it from file.

Dec 19 '23 14:12 MrFoxPro

I thought your goal was to store a hash, not a plain text password…

Dec 19 '23 15:12 raddevon

edgedb-cli edgedb-cli copied to clipboard

Command to generate hashed password

edgedb-cli
edgedb-cli copied to clipboard