Hi,
I have been hacking on a feature that instead of using a static password when connecting to the psql server executes a subprocess which prints a temporary auth token to stdout.
This is to make the workflow more bearable when using AWS RDS with iam authentication.
aws-iam auth tokens are generated with the ASW cli, used as sql password, and expires after 15 minutes. That means that any reconnects after that time will fail – and not in a way that spawns any password dialog (“FATAL: PAM authentication failed”).
I’m thinking of the feature like an addition to “passfile”, lets call it “passexec”.
2 new (advanced?) server settings:
* passexec cmd line
* passexec expiry minutes
If last passexec is older than expiry, a new invocation result is used – basically an expiring cache.
I think this would benefit the pgadmin community – would you be interested in a PR?
/Elias