Storing credentials for Postgres


I’m writing a cli utility for a service, we need to talk directly to the Postgres-database. Any ideas how to store login credentials to disk (on client). Some third party packages etc?

// Micke

Either ask the user of the CLI for the creds each time, or make sure its 600 (or under ACL even).

Encryption is rather pointless here, as any encryption either would require the decryption key to be available on the client, or implementing an exchange mechanism with a server, against which one had to authorize, which again would require secrets to be available publicly or provided by the user on each access…

Alternatively: Use HashiCorps Vault. (which is still a server based solution which requires some local secrets, though they are easily revocable in case of an emergency)

1 Like

it is common to use an environment variable, e.g:


more informations:

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.