From 8cad36a5487e024d639d25a22e709a668a207c3d Mon Sep 17 00:00:00 2001
From: Michele Cereda <cereda.michele@gmail.com>
Date: Wed, 3 Jul 2024 20:11:05 +0200
Subject: [PATCH] feat(postgres): add commands and password file

---
 knowledge base/postgresql.md | 15 ++++++++++++++-
 snippets/postgresql.sh       | 12 ++++++++----
 snippets/postgresql.sql      | 10 ++++++++++
 3 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/knowledge base/postgresql.md b/knowledge base/postgresql.md
index a4b372b..8da01e9 100644
--- a/knowledge base/postgresql.md	
+++ b/knowledge base/postgresql.md	
@@ -6,6 +6,15 @@
 
 ## TL;DR
 
+One can store one's credentials in `~/.pgpass`:
+
+```plaintext
+# line format => hostname:port:database:username:password`
+# can use wildcards
+postgres.lan:5643:postgres:postgres:BananaORama
+*:*:sales:elaine:modestPassword
+```
+
 ```sh
 # Installation.
 brew install 'postgresql@14'
@@ -60,12 +69,14 @@ psql -h 'host.fqnd' -U 'postgres' -d 'postgres' -W -f 'dump.sql' -e
 - [Docker image]
 - [Bidirectional replication in PostgreSQL using pglogical]
 - [What is the pg_dump command for backing up a PostgreSQL database?]
+- [How to SCRAM in Postgres with pgBouncer]
 
 ### Sources
 
 - [psql]
 - [pg_settings]
 - [Connect to a PostgreSQL database]
+- [The password file]
 
 <!--
   Reference
@@ -76,8 +87,10 @@ psql -h 'host.fqnd' -U 'postgres' -d 'postgres' -W -f 'dump.sql' -e
 [docker image]: https://github.com/docker-library/docs/blob/master/postgres/README.md
 [psql]: https://www.postgresql.org/docs/current/app-psql.html
 [pg_settings]: https://www.postgresql.org/docs/current/view-pg-settings.html
+[the password file]: https://www.postgresql.org/docs/current/libpq-pgpass.html
 
 <!-- Others -->
-[connect to a postgresql database]: https://www.postgresqltutorial.com/connect-to-postgresql-database/
 [bidirectional replication in postgresql using pglogical]: https://www.jamesarmes.com/2023/03/bidirectional-replication-postgresql-pglogical.html
+[connect to a postgresql database]: https://www.postgresqltutorial.com/connect-to-postgresql-database/
+[how to scram in postgres with pgbouncer]: https://www.crunchydata.com/blog/pgbouncer-scram-authentication-postgresql
 [what is the pg_dump command for backing up a postgresql database?]: https://www.linkedin.com/advice/3/what-pgdump-command-backing-up-postgresql-ke2ef
diff --git a/snippets/postgresql.sh b/snippets/postgresql.sh
index 672f95f..3bb27fe 100644
--- a/snippets/postgresql.sh
+++ b/snippets/postgresql.sh
@@ -7,10 +7,14 @@ psql --host 'prod.db.lan' --port '5432' --username 'postgres' --database 'postgr
 psql -h 'host.fqnd' -p '5432' -U 'admin' -d 'postgres' -W
 psql 'postgresql://localhost:5433/games?sslmode=require'
 
-# List available databases.
+# List available databases
 psql … --list
 
-# Execute commands.
+# Change passwords
+psql … -U 'jonathan' -c '\password'
+psql … -U 'admin' -c '\password jonathan'
+
+# Execute SQL commands
 psql … -c 'select * from tableName;' -o 'out.file'
 psql … -c 'select * from tableName;' -H
 psql … -f 'commands.sql'
@@ -31,9 +35,9 @@ pg_dump -h 'host.fqnd' -p '5432' -U 'admin' -d 'postgres' -Ws
 pg_dumpall -h 'host.fqnd' -p '5432' -U 'postgres' -l 'postgres' -W --roles-only --file 'roles.sql'
 pg_dumpall -h 'host.fqnd' -p '5432' -U 'postgres' -l 'postgres' -Wrf 'roles.sql' --no-role-passwords
 
-# Restore backups.
+# Restore backups
 pg_restore -U 'postgres' -d 'sales' 'sales.bak'
 
-# Initialize a test DB.
+# Initialize a test DB
 pgbench -i 'test-db'
 pgbench -i 'test-db' -h 'hostname' -p '5555' -U 'user'
diff --git a/snippets/postgresql.sql b/snippets/postgresql.sql
index 6cc2490..b1cb2f2 100644
--- a/snippets/postgresql.sql
+++ b/snippets/postgresql.sql
@@ -27,9 +27,11 @@ CREATE DATABASE world;
 SELECT * FROM pg_settings;
 SELECT "name", "setting" FROM pg_settings WHERE NAME LIKE '%log%';
 SHOW "wal_keep_size";
+SHOW "password_encryption";
 
 -- Change database settings for the current session
 SET pgaudit.log = 'none';
+SET password_encryption  = 'scram-sha-256';
 
 -- Change database settings permanently
 ALTER DATABASE reviser SET pgaudit.log TO 'none';
@@ -61,6 +63,8 @@ DROP SCHEMA IF EXISTS mundane CASCADE;
 -- List users with respective roles
 \du
 \du+
+-- List users only
+select usename FROM pg_catalog.pg_user;
 
 -- Check the current user has SuperUser permissions
 SHOW is_superuser
@@ -72,6 +76,8 @@ ALTER USER joel WITH SUPERUSER;
 ALTER USER joel WITH NOSUPERUSER;
 -- Allow users to create databases
 ALTER USER mark CREATEDB;
+-- Change passwords
+ALTER USER jonathan WITH PASSWORD 'seagull5-pantomime-Resting';
 
 
 -- Close the connection to the current DB
@@ -79,6 +85,10 @@ ALTER USER mark CREATEDB;
 \quit
 
 
+-- Get passwords
+SELECT rolpassword from pg_authid where rolname = 'admin';
+
+
 -- Show extensions
 \dx
 SELECT * FROM pg_extension;