Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The pgrst.jwt_secret in-database configuration should not interpret a file path #3629

Open
laurenceisla opened this issue Jun 29, 2024 · 2 comments
Open

The pgrst.jwt_secret in-database configuration should not interpret a file path #3629

laurenceisla opened this issue Jun 29, 2024 · 2 comments
Labels
bug config related to the configuration options

Comments

@laurenceisla
Copy link
Member

laurenceisla commented Jun 29, 2024
edited
Loading

Description of issue

The pgrst.jwt_secret in-database configuration can interpret a file path when it should not. For example:

create or replace function postgrest.pre_config()
returns void as $$
  select set_config('pgrst.jwt_secret', '@/path/to/secret', true);
$$ language sql;

Right now, it reads the values inside /path/to/secret, but it should interpret the secret as is. That is, the secret should be the string "@/path/to/secret".
@laurenceisla laurenceisla mentioned this issue Jun 29, 2024
Merged
@laurenceisla laurenceisla added bug config related to the configuration options labels Jun 29, 2024
@laurenceisla laurenceisla mentioned this issue Jul 2, 2024
Closed
@wolfgangwalther
Copy link
Member

I think @/does/not/exist when given via database configuration should be interpreted as a secret, not as a path. So a secret starting with @.

@laurenceisla
Copy link
Member Author

I think @/does/not/exist when given via database configuration should be interpreted as a secret, not as a path. So a secret starting with @.

Agree, also mentioned here #3634 (comment). I'll change the title and description of the issue since the original one is no longer relevant.

@laurenceisla laurenceisla changed the title PostgREST partially starts and does not return error when selecting an invalid file in pgrst.jwt_secret The pgrst.jwt_secret in-database configuration should not interpret a file path Jul 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug config related to the configuration options
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: handle when file in pgrst.jwt_secret does not exist laurenceisla/postgrest
2 participants
@wolfgangwalther @laurenceisla