Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add DB_URL_FILE and DB_PASSWORD_FILE #595

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add DB_URL_FILE and DB_PASSWORD_FILE #595

wants to merge 1 commit into from

Conversation

Munksgaard
Copy link

@Munksgaard Munksgaard commented Sep 8, 2024
edited
Loading

This allows passing sensitive DB passwords through files instead of environment variables. This makes collector work better with systemd credentials and NixOS flakes.

Fixes #540

@Munksgaard
Add DB_URL_FILE and DB_PASSWORD_FILE
c819dfc 
This allows passing sensitive DB passwords through files instead of environment
variables. This makes collector work better with [systemd
credentials](https://systemd.io/CREDENTIALS/) and NixOS flakes.

Fixes pganalyze#540
@Munksgaard
Copy link
Author

I am unsure if I should add similar functionality for PGA_API_KEY. I'm guessing this is considered sensitive information as well, but the logic around loading PGA_API_KEY seems a bit more complicated, so I would probably need some guidance.

msakrejda
msakrejda reviewed Sep 23, 2024
View reviewed changes
Copy link
Contributor

@msakrejda msakrejda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thanks for the contribution. Thoughts:

  • Should the _FILE versions silently override the explicitly specified strings like this?
  • Should we be using TrimSpace? Technically your password could start or end with a space
  • Should we support these from a file-based config, in addition to env-based config?
  • There's currently no way to return an error from getDefaultConfig, but is panic the right error-handling strategy here?

@Munksgaard
Copy link
Author

Hi @msakrejda!

These are all good questions, which I don't think I'm necessarily the right person to answer, but I'll give it a shot. To preface, I'll say that I don't have much experience with go, so forgive my ignorance.

  1. I think that is how these things usually go, but I wouldn't mind adding a warning of some sort. How would you suggest I do that?
  2. Great question. I would think that these values are usually trimmed, to remove any newlines at the end of the file, but you've got a great point that the password might contain spaces. I'm fine with removing the trimming if desired.
  3. Sure, I don't see why not. How/where would I add that?
  4. Great question. I'll leave that up to the maintainers to decide.

@msakrejda
Copy link
Contributor

Thanks. I'll check in with my colleagues and we'll follow up.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msakrejda msakrejda msakrejda left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Feature request: Add DB_PASSWORD_FILE or similar
2 participants
@Munksgaard @msakrejda