Securing .pgpass File?

Hey,

So, I've searched around through the archives, and it seems this has
come up a couple times in the past. But one scenario that was never
explored was when using one .pgpass file in a cluster of servers, in
which case it makes sense to save it in source control, or something
like puppet/bcfg. So my question is this:

Has anyone come up with a good solution for distributing a .pgpass file
that doesn't expose it to anyone who has access to the distribution
mechanism?

I ask because several people can access and make pull requests to our
configuration management system, but except for .pgpass, none of these
files contain plain-text passwords. We have dozens of systems running
PostgreSQL, and manually setting up each one is a waste of time; we have
configuration management for a reason.

Am I just missing something, here?

Thanks, everyone!

--
Shaun Thomas
OptionsHouse | 141 W. Jackson Blvd. | Suite 500 | Chicago IL, 60604
312-444-8534
sthomas@optionshouse.com

______________________________________________

See http://www.peak6.com/email_disclaimer/ for terms and conditions related to this email