-
Notifications
You must be signed in to change notification settings - Fork 9.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update lib/pq to at least version 1.1.0 to support new postgres encryption scheme #24016
Comments
For others who have found this issue, a work around (without changing the PostgreSQL encryption mechanism back to md5 for the server), you can manually generate the md5 password:
|
This is needed to make it possible to use the scram-sha-256 authentication method for the pg backend. It's not easy to write unit-tests for this since it requires a specific configuration of the PostgreSQL server, I did test it manually thought and everything seems to work like it should. Closes hashicorp#24016
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
PostgreSQL now supports scram-sha-256 as a password encryption mechanism. Sadly, the version of lib/pq that is currently used by Terraform as of today doesn't support this. However, lib/pq does support this in a newer version. This is actually a deal-breaker right now on databases that support this scheme as you'll get this when using PostgreSQL as a storage backend:
This is documented here. For reference: Terraform currently uses lib/pq version 1.0.0 but 1.1.0 added support for it.
It should, therefore, be as simple as bumping the minor version. I suggest going all the way up to the current version: 1.3.0
The text was updated successfully, but these errors were encountered: