Skip to content

Wrapper around psql where connection information is pulled from Azure Key Vault

License

Notifications You must be signed in to change notification settings

kometen/rusty-psql

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

rusty_psql

A wrapper around psql so information about host to connect to, database, password is retrieved from Azure Key Vault and URL to Azure Key Vault from 1password thus avoiding storing passwords in cleartext locally.

Requires 1password and Azure command line utilities installed locally, an Azure-subscription, a PostgreSQL-client. Log in with az login.

Add the following secrets to Azure Key Vault:

db-host
db-name
db-pwd
db-user
db-domain

Add an entry in 1password that can be accessed by the program. The path is formatted in Rust.

let op_path = format!("op://Production/AzureKeyVault{}/url", key);

An example of a path can be op://Production/AzureKeyVaultInvoice/url. The path can be changed to suit your own requirement with the format op://[vault-name]/[item]/[text-field]/[value] in 1password.

Clone the repository, test, build and run with

cargo test
cargo build [--release]
./target/release/rusty_psql -n invoice

Install via brew tap.

brew tap kometen/rusty-psql
brew install rusty-psql

Build and run the container-image.

docker build -t rusty_psql:dev .
docker run --user rusty_psql_user rusty_psql:dev

The container will not inherit the environment from the shell so running from the container will not work.

I had much help from Claude. Used the editor zed at https://github.com/zed-industries/zed.

About

Wrapper around psql where connection information is pulled from Azure Key Vault

Resources

License

Stars

Watchers

Forks

Packages

No packages published