postgresql-container icon indicating copy to clipboard operation
postgresql-container copied to clipboard

Published 20 hours ago verified publisher icon sclorg

support $POSTGRESQL_PASSWORD_ENCRYPTION env var

Open praiskup opened this issue 6 years ago • 3 comments

After quick chat with @jesperpedersen, it sounds really desirable to have a way to setup "scram-sha-256" algorithm for password_encryption easily. It can not be set default since clients supporting this auth mechanism are not yet widespread, but per-deployment opt-in would be good.

praiskup avatar Mar 05 '18 12:03 praiskup

password_encryption is the on-disk storage format. If you require scram-sha-256 for login then you replace md5 with scram-sha-256 in pg_hba.conf.

See https://www.postgresql.org/docs/10/static/auth-methods.html#AUTH-PASSWORD

Documentation for scram-sha-256 is at https://www.postgresql.org/docs/10/static/sasl-authentication.html#SASL-SCRAM-SHA-256

jesperpedersen avatar Mar 05 '18 12:03 jesperpedersen

But, yeah - best leave it as an opt-in

jesperpedersen avatar Mar 05 '18 13:03 jesperpedersen

Could be added as an option for new instances. Let us try and take a look if we can introduce something in near future.

pkubatrh avatar Feb 22 '23 09:02 pkubatrh