Storing postgres credentials in KMS

Aroton 2017-04-24 22:28:24 UTC #1

Hey,

We are checking out redash to use hosted in AWS. One of our concerns, is that it seems like the only way to connect to an external postgres instance is to store the username/password in clear text in the .env file. I was wondering if there is any plan to be able to store username/login in KMS instead of the postgres connect url.

arikfr 2017-05-07 20:23:25 UTC #2

I assume you can have a small wrapper script that gets values from KMS, loads them into the environment and then runs Redash's processes.

If you feel this is still not safe enough, you can change settings.py to support KMS. If you think this is needed, we should probably abstract the way settings.py loads settings to allow easily switching between ENV variables and KMS.