Is it correct to change Heroku's PostgreSQL password using psql's \password command?

On Heroku, apparently it is possible to use psql's \password command to change a password. Is this something that is "correct", or do you have to use the rotate credentials facility documented here?
https://devcenter.heroku.com/articles/heroku-postgresql-credentials#pg-credentials-rotate
Thanks!

Related

Is it possible to pass username and password in makefile?

Hi, I'm using a makefile to do lots of compiling and remote work.
On many occasions I need to type in a username and password for remote connections, VPN, code upload and other stuff.
Is it possible to use the makefile to automatically type in the credential information?
Thanks a lot!
It is not the role of make to do this kind of thing. So there is no special support in a Makefile for handling credentials.
However, if you can get a shell script to do the "auto-typing" or provide the required credentials some other way, then you should be able to use the same approach in a Makefile.
We can't advise you on how the script would work, because you have given no actual details of the commands etc that you are using for remote access.
But if you are using ssh from a Linux box, you could use public key authentication and ssh-agent and avoid the problem entirely. This would be a lot more secure than:
using user / password auth at all, and
embedding passwords in your makefiles ... for someone else to find when they steal your laptop or whatever.

Does Ansible vault have to use a password to run

I have been looking into Ansible vault but want to check something in case I have missed a crucial point.
Do you have to run the playbook and provide the password? Encrypting the data seems a great idea, but if I share the playbook the person running it will require the password. If they have the password then they can decrypt the file and see the data.
I would like to use it to set passwords for files but would like non-admins to be able to run the playbook.
Have I missed something? I am struggling to see its worth if this is the case.
Thanks
The purpose of the vault is to keep secrets encrypted "at rest" (e.g., in your source control repo, on-disk), so that someone can't learn the secrets by getting ahold of the content. As others have mentioned, if you want to delegate use of the secrets without divulging them, you'll need an intermediary like Tower.
In your case you need something that will be brokering Ansible execution, because, like you've said, encryption would be useless if you share the password.
As mentioned in the comment, you can use Ansible Tower, or you can try to set up a simple HTTP endpoint that will trigger Ansible based on specified parameters.

Pre-enter a password in terminal command

I am trying to create an Alfred workflow that connects to my server through ssh without asking for my password. I tried
ssh root#myServerIP ; mypswd
and many other variants, but I can't seem to be able to wait for the terminal to ask me for my password before the script answers it.
Is it possible, in this case and in general, to pre-enter the password on a terminal command?
Thanks a lot in advance
Jad
There is no need for the ; at the end. You can just hit enter at the end of the line and it will take it as input for the next command. For your case, it would look something like this.
ssh root#myServerIP
mypswd
If it's possible, I'd try to make it so that your workflow doesn't involve using SSH as root. Storing your password in a script seems like a security risk.
What I would suggest is using public/private key pairs (tutorial here and other places) to enable passwordless login from your client to the server, and sidestep the issue entirely. It's technically possible to do this with the root account as well, but again, I wouldn't recommend it.

Does the PG Ruby Gem use pgpass when setting up PostgreSQL connection?

I'm writing a Ruby script that uses the PG gem to set up a database connection and send files. I'm structuring it to take variables for the hostname, username, database name, and port. In a Shell script I've written to manage some companion tasks, I rely on the password stored in ~/.pgpass instead of having the user enter a password for psql because there are a lot of transactions and sometimes entering the password can fail for no apparent reason (and it sucks entering it in 20 times).
Will PG access the same source when a password isn't explicitly provided? By convention, I've included the password in the file, but since this is being pushed to an internally available repo, I'd prefer not to have that information in my file. I'm trying to test the functionality now, but was wondering if anyone in the SO community knows the answer to this question. If PG doesn't access the .pgpass file, is there a way to reference the variable and write it into the file without prompting the user to enter the password?
Thanks in advance for your help.
Yes, it will use ~/.pgpass just like any interface based on libpq, the C PostgreSQL client library.
However, a good alternative for not having the password in a file is to have it in the PGPASSWORD environment variable. If you set this in a script, it will be inherited by every program it calls.
PGPASSWORD when set will be used as the password for any libpq connection, which means the majority of programs that connect to PostgreSQL.
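As an added example (not part of the answers above), the following Ruby sketch approximates the password-file rules libpq documents and that the PG gem therefore inherits: the file is ignored when group or others can access it, the first matching line wins, `*` is a wildcard, and `\:` escapes a colon. The helper names, hosts and passwords are hypothetical and constructed for the demonstration.

```ruby
require "tempfile"
# Split a .pgpass line into host, port, database, user, password.
# A backslash escapes the next character (used for ":" and "\").
def split_pgpass_line(line)
  fields = [+""]
  escaped = false
  line.chomp.each_char do |c|
    if escaped
      fields.last << c
      escaped = false
    elsif c == "\\"
      escaped = true
    elsif c == ":" && fields.length < 5
      fields << +""
    else
      fields.last << c
    end
  end
  fields
end

# Returns [status, password]. Like libpq, refuse a file group or others can access.
def pgpass_lookup(path, host:, port:, dbname:, user:)
  return [:ignored_permissions, nil] unless (File.stat(path).mode & 0o077).zero?
  wanted = [host, port.to_s, dbname, user]
  File.foreach(path) do |line|
    next if line.start_with?("#") || line.strip.empty?
    f = split_pgpass_line(line)
    next unless f.length == 5
    # First matching line wins; a field of "*" matches anything.
    return [:matched, f[4]] if wanted.each_with_index.all? { |w, i| f[i] == "*" || f[i] == w }
  end
  [:no_match, nil]
end

# Constructed sample entries: hosts, user and passwords are made up.
SAMPLE = <<~'PGPASS'
  # hostname:port:database:username:password
  db.internal.example:5432:reports:loader:s3cr\:et
  *:*:*:loader:fallback
PGPASS

# Write the sample to a temp file with the given mode and look up one connection.
def demo(mode, host = "db.internal.example")
  Tempfile.create("pgpass") do |f|
    File.write(f.path, SAMPLE)
    File.chmod(mode, f.path)
    pgpass_lookup(f.path, host: host, port: 5432, dbname: "reports", user: "loader")
  end
end
```

With mode 0600 the specific entry matches; with 0644 the same file is skipped entirely, which is a common reason a script still prompts for a password even though ~/.pgpass exists.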

How to inherit shell's running ssh-agent with Net::SSH::Perl::Agent

Is there a way to use the already running ssh-agent in a bash session with Net::SSH::Perl::Agent, ultimately so I don't have to set up keys again with Net::SSH::Perl? I don't see any examples anywhere. I keep seeing a way to create a new agent but not a way to connect it to the shell. Thanks
Edit:
I should explain that I can't use Net::OpenSSH since I have to work with commercial SSH servers and the openssh client doesn't work properly with them (I've tested this).
Use Net::OpenSSH instead of Net::SSH::Perl
For me it just works. As long as the environment variables SSH_AUTH_SOCK and SSH_AGENT_PID are defined in the shell and point to a valid ssh-agent process Net::SSH::Perl::Agent will be able to talk to the agent. There are scripts that make this easier on the internet.
