2ndQuadrant / pglogical

Logical Replication extension for PostgreSQL 15, 14, 13, 12, 11, 10, 9.6, 9.5, 9.4 (Postgres), providing much faster replication than Slony, Bucardo or Londiste, as well as cross-version upgrades.

Home Page: http://2ndquadrant.com/en/resources/pglogical/


pglogical with TLS Auth connections

Viralshah009 opened this issue · comments

My current DB Infrastructure uses pglogical to set up logical replication. However, we want to get rid of using passwords as plain text when the publisher and subscriber are created using TLS Auth. I am using something like the below:
SELECT pglogical.create_node( node_name := 'pub', dsn := 'host=192.10.1.10 port=5432 dbname=db user=abc sslcert=/var/lib/pgsql/14/data/server.crt sslkey=/var/lib/pgsql/14/data/server.key, sslpassword=/etc/pki/tls/cert.pem');

This, however, is not helping me create the required logical replication. Has anyone tried doing something similar where we can avoid providing passwords in plaintext? I have tried using pgaudit to see if it redacts passwords in the postgres logs using the above query, but unfortunately, it doesn't.

Any help on this would be much appreciated!

My PostgreSQL version: 14.5 and pglogical: 2.4

pglogical creates regular and replication connections. Your pg_hba.conf should be prepared for it. You didn't provide the error message, but it should say which one is wrong.

regular connection

could not connect to the postgresql server: <error message goes here>

replication connection

could not connect to the postgresql server in replication mode: <error message goes here>
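
An added example, not part of the original thread or of pglogical: a small Python check that parses a libpq keyword/value DSN such as the one passed to `pglogical.create_node` in the question and flags settings that matter for certificate authentication. `PAGE_DSN` is the DSN from the question; `FIXED_DSN`, its host name and its file paths are constructed placeholders, and the parser is a simplified model of libpq's conninfo syntax.

```python
import re

# DSN exactly as posted in the question above.
PAGE_DSN = ("host=192.10.1.10 port=5432 dbname=db user=abc "
            "sslcert=/var/lib/pgsql/14/data/server.crt "
            "sslkey=/var/lib/pgsql/14/data/server.key, "
            "sslpassword=/etc/pki/tls/cert.pem")
# Constructed example: host name and paths are placeholders, not from the page.
FIXED_DSN = ("host=pub.example.internal port=5432 dbname=db user=abc "
             "sslmode=verify-full sslcert=/path/to/client.crt "
             "sslkey=/path/to/client.key sslrootcert=/path/to/root.crt")

# Simplified libpq conninfo syntax: whitespace-separated key=value pairs,
# values optionally single-quoted with backslash escapes.
_PAIR = re.compile(r"(\w+)\s*=\s*('(?:[^'\\]|\\.)*'|\S*)")

def parse_dsn(dsn):
    params = {}
    for key, val in _PAIR.findall(dsn):
        if val.startswith("'"):
            val = re.sub(r"\\(.)", r"\1", val[1:-1])
        params[key] = val
    return params

def lint_dsn(dsn):
    """Return findings relevant to password-less, certificate-based auth."""
    p = parse_dsn(dsn)
    findings = []
    if "password" in p:
        findings.append("password: plaintext secret stored in the DSN")
    # Pairs are separated by whitespace only, so a trailing comma is kept
    # as part of the value and ends up in the file name.
    for key in ("sslcert", "sslkey", "sslrootcert"):
        if p.get(key, "").endswith(","):
            findings.append(f"{key}: value ends with ','")
    if p.get("sslmode") not in ("verify-ca", "verify-full"):
        findings.append("sslmode: server certificate verification not required")
    # sslpassword is the passphrase for the key in sslkey, not a file path.
    if p.get("sslpassword", "").startswith("/"):
        findings.append("sslpassword: looks like a path, expected a passphrase")
    return findings

if __name__ == "__main__":
    for name, dsn in (("page", PAGE_DSN), ("fixed", FIXED_DSN)):
        print(name, lint_dsn(dsn) or "no findings")
```

The DSN is only the client half: the pg_hba.conf entries on the server that match the regular and the replication connection decide whether the certificate is accepted, as the reply above points out.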