You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I see that with marabunta there are two ways to supply password. Either directly on command line or via environment variable. Direct password does not feel secure. Where environment variable is more secure, but it could still be accidentally leaked via some logs etc. So I would better not pass raw password value with that either.
What do you think about third option, to pass password as a file which is then read by marabunta. This way password would not be supplied directly.
I see that with marabunta there are two ways to supply password. Either directly on command line or via environment variable. Direct password does not feel secure. Where environment variable is more secure, but it could still be accidentally leaked via some logs etc. So I would better not pass raw password value with that either.
What do you think about third option, to pass password as a file which is then read by
marabunta. This way password would not be supplied directly.I like the way postgres docker implemented this (https://github.com/docker-library/postgres/blob/dd84d6fccbab39bb67fb8f80b9fb2bfc5cb0c992/13/bullseye/docker-entrypoint.sh#L9). You can either use
POSTGRES_PASSWORDenv orPOSTGRES_PASSWORD_FILE(but not both), if you passPOSTGRES_PASSWORD, it works same way as marabunta, but if you passPOSTGRES_PASSWORD_FILE, it reads value from specified file path.So maybe it would be good to add third option
--db-password-fileandMARABUNTA_DB_PASSWORD_FILEenv?The text was updated successfully, but these errors were encountered: