Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tv42/scram-password

Command-line utility for Postgres-compatible SCRAM-SHA-256 passwords
https://github.com/tv42/scram-password

command-line password postgres scram scram-sha-256

Last synced: 20 days ago
JSON representation

Command-line utility for Postgres-compatible SCRAM-SHA-256 passwords

Host: GitHub
URL: https://github.com/tv42/scram-password
Owner: tv42
License: mit
Created: 2022-01-18T22:19:22.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2022-01-18T22:19:33.000Z (almost 3 years ago)
Last Synced: 2024-10-16T02:07:23.693Z (2 months ago)
Topics: command-line, password, postgres, scram, scram-sha-256
Language: Go
Homepage:
Size: 3.91 KB
Stars: 2
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# scram-password -- Command-line utility for Postgres-compatible SCRAM-SHA-256 passwords

SCRAM-SHA-256 (see [RFC-7677](https://datatracker.ietf.org/doc/html/rfc7677), [Salted Challenge Response Authentication Mechanism](https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism)) is a password based challenge-response authentication mechanism.

[Postgres 14 uses it](https://www.postgresql.org/docs/14/auth-password.html) to avoid needing to store or transmit plaintext passwords.

This repository contains a simple command-line utility to hash passwords into a Postgres-compatible format.
It may work with other SCRAM-using server software, but the actual storage format is not a standard.

```console
$ go install -v eagain.net/go/scram-password@latest
[...]
$ scram-password jdoe :

```console
$ entropy 32 | zbase32-encode
rijwsgiuedt4bx86b5qsamxs1iyobbjdr7f9mieattztbgauxngo
```

# Acknowledgements

The library that does all actual work: https://github.com/xdg-go/scram

Configuration and usage advice: https://hacksoclock.blogspot.com/2018/10/how-to-set-up-scram-sha-256.html

More advice (including a Python script with unclear licensing that was *not* used to create this project): https://blog.crunchydata.com/blog/how-to-upgrade-postgresql-passwords-to-scram

Note in Postgres docker image documentation that says `POSTGRES_INITDB_ARGS=--auth-host=scram-sha-256` might be needed for SCRAM to work: https://github.com/docker-library/docs/commit/00ad08f4335b71b70cfed616ca81ab6dfc015f12