Storing postgres credentials in KMS



We are checking out redash to use hosted in AWS. One of our concerns, is that it seems like the only way to connect to an external postgres instance is to store the username/password in clear text in the .env file. I was wondering if there is any plan to be able to store username/login in KMS instead of the postgres connect url.


I assume you can have a small wrapper script that gets values from KMS, loads them into the environment and then runs Redash’s processes.

If you feel this is still not safe enough, you can change to support KMS. If you think this is needed, we should probably abstract the way loads settings to allow easily switching between ENV variables and KMS.