-
Notifications
You must be signed in to change notification settings - Fork 266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support IAM database authentication for Postgres datastore #659
Comments
@jhalleeupgrade any pointers on documentation on how that is enabled? |
@josephschorr Sure! |
cc @ecordell who will probably have opinions on the UX of how this is configured |
I'm not sure what the best CLI UX looks like for this feature. Because it looks like the password field is overloaded to provide this functionality, there is an interesting workaround that could be done now: write a tiny program that prints the output of |
@jzelinskie I think we would need to provide a way to refresh at runtime, because the AWS Auth token has an expiration deadline. |
You're totally right that the value actually is short-lived. There's a lot of good discussion on this issue for our Postgres library. It looks like we should decide the UX for this and then we can add a |
It looks like the postgres library supports an environment variable that specifies a password file whose value is read at connection time. If that's right then one way of using IAM database authentication today for a SpiceDB Postgres datastore is to run a script that re-writes the file at an interval appropriate for keeping credentials valid. Maybe some people might prefer the service file over the password file. |
Any updates on this? |
As of now, there is only support for username:password in the connection string for Postgres. For those who use an AWS's hosted Postgres, it's preferable to use IAM database authentication.
The text was updated successfully, but these errors were encountered: