Skip to content

Any way to hash POSTGRES_PASSWORD or remove env vars no longer needed after setup? #316

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
zam6ak opened this issue Jul 23, 2017 · 6 comments
Closed

Any way to hash POSTGRES_PASSWORD or remove env vars no longer needed after setup? #316

zam6ak opened this issue Jul 23, 2017 · 6 comments

Comments

@zam6ak
Copy link

zam6ak commented Jul 23, 2017

I am suspecting that POSTGRES_PASSWORD is required when creating the cluster the first time.
But then it stays there for everyone to see via docker inspect mycontainername

Even if I change the postgres user password, the original POSTGRES_PASSWORD is still there...(and now it shows wrong password)

If the environment variables are only needed for 1st time container setup, is there a way to remove them afterwards? If so should that be part of the script?

If that is not possible, is there a way to at least specify hash of the password ?
@yosifkit
Copy link
Member

You can pass it as a file using docker secrets (#225). You can also just supply a hashed password:

If the presented password string is already in MD5-encrypted format, then it is stored encrypted as-is

- https://stackoverflow.com/a/17431573

@zam6ak
Copy link
Author

zam6ak commented Jul 24, 2017

@yosifkit Thanks for the info. This helps a lot.
Is there a way to remove vars required only for initial container setup?

@tianon
Copy link
Member

tianon commented Jul 24, 2017 via email

@zam6ak
Copy link
Author

zam6ak commented Jul 24, 2017

Thanks @tianon . Closing the issue.

@zam6ak zam6ak closed this as completed Jul 24, 2017
@zam6ak
Copy link
Author

zam6ak commented Aug 27, 2017

@tianon

Unfortunately, only by saving the content in a volume and recreating the
container after the initial setup without the variables (which is how we
usually recommend folks handle this particular case).

I just had the opportunity to try this (using pg10 beta 3) and while the cluster starts fine, I can no longer connect to it with the same password :(

@gdraheim
Copy link

It sounds like you would actually need to edit the metadata of a docker image. In that case you could take an advantage of useing docker-copyedit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tianon @zam6ak @yosifkit @gdraheim