Persistence needs to support IAM based DB access #3569
Comments
|
This would be good to have because managing password is difficult to manage. Also, If role based access is possible then it will easy to access db via trusting role. |
|
Why not to support this: https://forrestbrazeal.com/2019/02/18/cloud-irregular-iam-is-the-real-cloud-lock-in/ |
|
It's better not to introduce vendor-specific code to persistence. It's easy to support this for GCP since its Go connector supports automatic IAM authentication which refreshes the token periodically but I haven't seen alternative on AWS yet. Reference: https://cloud.google.com/sql/docs/postgres/authentication One verified solution for anyone on GCP: use CloudSQL Proxy. Basically you can start your proxy as a sidecar and then specify your IAM user, localhost and empty password |
Summary
What change you think needs making.
Motivation
Please give examples of your use case, e.g. when would you use this.
Proposal
How do you think this should be implemented?
Message from the maintainers:
If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.
The text was updated successfully, but these errors were encountered: