Add pg-password-util to wiki
sehrope opened this issue
Please add pg-password-util to the wiki: https://www.npmjs.com/package/pg-password-util

It's a standalone lib that handles encoding PostgreSQL passwords client-side so that `CREATE USER ...` / `ALTER USER ...` statements do not include the plaintext of passwords in your application logs. It includes TypeScript type declarations as well.
So it replaces SQL like this being sent to your DB:

```sql
ALTER USER app PASSWORD 'Super Duper Secret!'
```

With SQL like this:

```sql
ALTER USER app PASSWORD 'SCRAM-SHA-256$4096:M1A3zTFR9TzaX5NuvytilQ==$TZtMCtrZ8wkkZVkS7vursem77PsBqthl8GqkPohscJw=:POfEEJ9BOrm6upeAFKU3awWqMg+kKYXyPOG5E5tuhJc='
```
It defaults to using SCRAM-SHA-256 for the encoding but also supports md5 for older versions of PG. It also includes a helper to change a user's password using whatever the database says is the preferred encoding (i.e. SCRAM-SHA-256 for anything 10+ and md5 for anything older):
```js
// client is a pg.Client
await alterUserPassword(client, {
  username: 'app',
  password: 'my-new-secret-password',
});
```
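Added example, not part of the original issue and not pg-password-util's own code: a sketch of how a `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>` verifier like the one above is derived client-side with Node's `crypto`, using the RFC 5802 key derivation. The function names, the sample password and the fixed salt used for checking are assumptions made for illustration, and SASLprep normalization is skipped (ASCII passwords assumed).

```javascript
const crypto = require('node:crypto');

const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest();

// Returns 'SCRAM-SHA-256$<iter>:<salt b64>$<StoredKey b64>:<ServerKey b64>'.
// Assumption: the password is ASCII, so the SASLprep step is omitted here.
function scramSha256Verifier(password, salt = crypto.randomBytes(16), iterations = 4096) {
  // SaltedPassword = PBKDF2-HMAC-SHA256(password, salt, iterations), 32 bytes
  const salted = crypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
  // StoredKey = SHA256(HMAC(SaltedPassword, "Client Key"))
  const storedKey = crypto.createHash('sha256').update(hmac(salted, 'Client Key')).digest();
  // ServerKey = HMAC(SaltedPassword, "Server Key")
  const serverKey = hmac(salted, 'Server Key');
  return `SCRAM-SHA-256$${iterations}:${salt.toString('base64')}$` +
    `${storedKey.toString('base64')}:${serverKey.toString('base64')}`;
}

// Re-derives the verifier from a candidate password using the salt and
// iteration count embedded in it, then compares in constant time.
function matchesVerifier(password, verifier) {
  const m = /^SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)$/
    .exec(verifier);
  if (!m) return false;
  const candidate = scramSha256Verifier(password, Buffer.from(m[2], 'base64'), Number(m[1]));
  const a = Buffer.from(candidate);
  const b = Buffer.from(verifier);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Builds the statement text that reaches the server and its logs.
// The role name is quoted as an identifier; the verifier contains only
// base64 characters, digits, '$' and ':', so it cannot break the literal.
function alterUserSql(username, password) {
  const ident = '"' + username.replace(/"/g, '""') + '"';
  return `ALTER USER ${ident} PASSWORD '${scramSha256Verifier(password)}'`;
}

// Constructed sample input: the logged statement carries no plaintext.
const samplePassword = 'constructed-sample-password';
const sampleSql = alterUserSql('app', samplePassword);
console.log(sampleSql);
console.log('plaintext present in statement:', sampleSql.includes(samplePassword));
```

The stored verifier is still a password-equivalent for offline guessing, so statement logs that contain it should be access-controlled like any other credential store.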