diff --git a/jobs/postgres/spec b/jobs/postgres/spec
index 33f3dfe0..9af40a6b 100644
--- a/jobs/postgres/spec
+++ b/jobs/postgres/spec
@@ -69,6 +69,9 @@ properties:
 databases.max_connections:
 description: "Maximum number of database connections"
 default: 500
+ databases.password_authentication_algorithm:
+ description: "Defines the central algorithm for encrypting passwords e.g. md5 or scram-sha-256"
+ default: "scram-sha-256"
 databases.log_line_prefix:
 description: "The postgres `printf` style string that is output at the beginning of each log line"
 default: "%m: "
diff --git a/jobs/postgres/templates/pg_hba.conf.erb b/jobs/postgres/templates/pg_hba.conf.erb
index 5210295a..169b09c8 100644
--- a/jobs/postgres/templates/pg_hba.conf.erb
+++ b/jobs/postgres/templates/pg_hba.conf.erb
@@ -2,7 +2,7 @@ local all vcap trust
 host all vcap 127.0.0.1/32 trust
 host all vcap ::1/128 trust
 <% if !p("databases.trust_local_connections").nil? && !p("databases.trust_local_connections") %>
-local all all md5
+local all all <%= p("databases.password_authentication_algorithm") %>
 <% else %>
 local all all trust
 host all all 127.0.0.1/32 trust
@@ -18,4 +18,4 @@ host all all ::1/128 trust line %> <% end %>
-host all all 0.0.0.0/0 md5
+host all all 0.0.0.0/0 <%= p("databases.password_authentication_algorithm") %>
diff --git a/jobs/postgres/templates/postgresql.conf.erb b/jobs/postgres/templates/postgresql.conf.erb
index eea87418..ca18664e 100644
--- a/jobs/postgres/templates/postgresql.conf.erb
+++ b/jobs/postgres/templates/postgresql.conf.erb
@@ -35,6 +35,7 @@ end
 listen_addresses = '0.0.0.0'
 port = <%= p("databases.port") %>
 max_connections = <%= p("databases.max_connections") %>
+password_encryption = <%= p("databases.password_authentication_algorithm") %>
 external_pid_file = '/var/vcap/sys/run/postgres/postgres.pid'
 authentication_timeout = 1min
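Review bot: The description of the new `databases.password_authentication_algorithm` property speaks of "encrypting passwords", yet the template hunks in this commit write the same value both as the pg_hba.conf auth method and as `password_encryption`, and the text does not say which values are accepted. I would reword it to `description: "Password hashing and authentication method, written to pg_hba.conf and to password_encryption; supported values: md5, scram-sha-256"`. Because the previously hard-coded `md5` becomes a `scram-sha-256` default, the description or the release notes should also state that operators who need the old behaviour must set `md5` explicitly.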
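Review bot: The auth-method column of the `local all all` line is now filled from `p("databases.password_authentication_algorithm")` without any check on the value, so a manifest typo or a value such as `trust` is rendered into pg_hba.conf as-is; the same unchecked interpolation feeds the `host all all 0.0.0.0/0` line in the second hunk of this file and `password_encryption` in postgresql.conf.erb. Validate once near the top of the template and fail rendering on anything else, for example `<% alg = p("databases.password_authentication_algorithm"); raise "databases.password_authentication_algorithm must be md5 or scram-sha-256" unless %w[md5 scram-sha-256].include?(alg) %>`, then emit `<%= alg %>` on both rules. The 0.0.0.0/0 rule is where an unintended method costs the most, since it applies to every remote client.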
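Review bot: `password_encryption` only decides how passwords set from now on are stored, so a role whose stored verifier is still MD5 will be rejected once pg_hba.conf demands `scram-sha-256`, which is the new default. Nothing in this diff shows role passwords being re-set after the switch; if the release does that elsewhere at start-up this is fine, otherwise the upgrade needs a documented migration step or an explicit `md5` override until passwords are rotated. I would add a template comment above the new line, `# must match the auth method rendered in pg_hba.conf; changing it does not re-hash existing role passwords`. The value is also emitted unquoted while the neighbouring string settings are single-quoted, so `password_encryption = '<%= p("databases.password_authentication_algorithm") %>'` would be consistent with them.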