2

I have the following problem:

  • I use the command rails dbconsole quite often.
  • Every time I do that for my production database, I have to enter a password.
  • My password is a long string that I have to look up and copy paste every time.

It feels like it should be possible to circumvent that and have rails automatically authenticate. But I haven't found anything useful for this. Is there a solution to this?

Improve this question
2
  • What database are you using? Commented Apr 1, 2020 at 18:59
  • PostgreSQL (see title) Commented Apr 2, 2020 at 3:18

2 Answers 2

Reset to default
0

Postgres

pgpass utility will be helpful https://www.postgresql.org/docs/current/libpq-pgpass.html, which allows you to specify credentials for remote databases (your production instance) in a .pgpass file on your local computer so you don't have to re-type when connecting each time.

Not sure it works directly with the Rails, but if your are running dbconsole then it's equivalent to just using psql, and specifying a few more options (user, dbname, etc.) and aliasing that.

MySQL

Similar to .pgpass, MySQL has a similar configuration file that can be specified: https://dev.mysql.com/doc/refman/5.6/en/mysql-config-editor.html.

See also: https://serverfault.com/questions/120170/mysql-equivalent-to-pgpass-or-automatic-authentication-in-a-cron-job-for-mysql

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

The .pgpass file didn't work for rails dbconsole (i.e. I still had to enter a password), but it did work for just running psql, which is almost as good for me.
Postgres also looks at the PGPASSFILE environment variable. I've verified that you can make that work. Create a file named pgpassfile for example. It should have 1 line in the following format: db_host:5432:db_name:db_user:db_password. Make sure others can't read the file: chmod 0600 pgpassfile. Set PGPASSFILE to the path to that file: export PGPASSFILE="$PWD/pgpassfile". Now you should be able to run rails dbconsole without a password.
0

Use rails dbconsole -p for older Rails versions. It should supply the password automatically. In recent Rails versions (7, maybe also 6.1) this is the default. But not so in older versions.

See: https://github.com/rails/rails/pull/45810

Improve this answer

7 Comments

The Rails maintainers will NOT make -p the default, because it may expose the password to other users on your system. See this PR comment and this commit.
@CraigBuchek, hmm, there seems to be some back and forth decisions. I hope at the end the security concerns will be fixed by supplying passwords via temporary option files instead of avoiding responsibility.
It doesn't appear to be easily fixable. If you put the password in the arguments passed to exec, it's exposed. If you put it in an environment variable, it could be exposed. The only remaining secure alternative is to save the password to a file, like the accepted answer suggests. But it's doubtful that all supported DBs have that functionality.
@CraigBuchek, idk if all support. But perhaps 90+% use mysql and postgres. Should we live in the stone age because of certain vendors starting with "o" or "m" prefer to do things in their own f.ine way torturing their poor users in the process? Maybe rails db could check for a secure_password flag in the adapter to determine whether automatic password should be used or not? There are solutions if one wants.
I suspect that the Rails maintainers don't think it's worth all the effort just to make it so you don't have to add a -p.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.