Updates v0.22.1 (#180)

* docs: add doc for STEAMPIPE_DATABASE_SSL_PASSWORD env var (#177) * edits for STEAMPIPE_DATABASE_SSL_PASSWORD --------- Co-authored-by: Brahim Boukoufallah <[email protected]>
turbot · Mar 18, 2024 · 9ab7dd1 · 9ab7dd1
1 parent 485bce0
commit 9ab7dd1
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 8 deletions.
diff --git a/docs/managing/service.md b/docs/managing/service.md
@@ -12,7 +12,8 @@ Alternatively, you can run Steampipe in service mode.  Running `steampipe servic
 ## Starting the database in service mode
 
 When you run `steampipe service start`, Steampipe will start in service mode.  Steampipe prints connection information to the console that you can use in connection strings for your application or 3rd party tools:
-```
+
+```bash
 $ steampipe service start
 
 Steampipe service is running:
@@ -30,10 +31,10 @@ Managing the Steampipe service:
 
   # Get status of the service
   steampipe service status
-  
+
   # Restart the service
   steampipe service restart
-  
+
   # Stop the service
   steampipe service stop
 
@@ -66,10 +67,10 @@ Managing the Steampipe service:
 
   # Get status of the service
   steampipe service status
-  
+
   # Restart the service
   steampipe service restart
-  
+
   # Stop the service
   steampipe service stop
 

diff --git a/docs/reference/env-vars/overview.md b/docs/reference/env-vars/overview.md
@@ -24,6 +24,7 @@ Note that plugins may also support environment variables, but these are plugin-s
 | [STEAMPIPE_CLOUD_HOST](reference/env-vars/steampipe_cloud_host)  | `pipes.turbot.com` | Set the Turbot Pipes host, for connecting to Turbot Pipes workspace. DEPRECATED - Use [`PIPES_HOST`](/docs/reference/env-vars/pipes_host)
 | [STEAMPIPE_CLOUD_TOKEN](reference/env-vars/steampipe_cloud_token)  |  | Set the Turbot Pipes authentication token for connecting to Turbot Pipes workspace. DEPRECATED - Use [`PIPES_TOKEN`](/docs/reference/env-vars/pipes_token).
 | [STEAMPIPE_DATABASE_PASSWORD](reference/env-vars/steampipe_database_password)| randomly generated | Set the steampipe database password for this session.  This variable must be set when the steampipe service starts.
+| [STEAMPIPE_DATABASE_SSL_PASSWORD](reference/env-vars/steampipe_database_ssl_password)|  | Set the passphrase used to decrypt the private key for your custom SSL certificate.  By default, Steampipe generates a certificate without a passphrase; you only need to set this variable if you use a custom certificate that is protected by a passphrase.
 | [STEAMPIPE_DATABASE_START_TIMEOUT](reference/env-vars/steampipe_database_start_timeout)| `30` | Set the maximum time (in seconds) to wait for the Postgres process to start accepting queries after it has been started.
 | [STEAMPIPE_DIAGNOSTIC_LEVEL](reference/env-vars/steampipe_diagnostic_level)| `NONE` | Sets the diagnostic level.  Supported levels are `ALL`, `NONE`.
 | [STEAMPIPE_INSTALL_DIR](reference/env-vars/steampipe_install_dir)| `~/.steampipe` | The directory in which the Steampipe database, plugins, and supporting files can be found.
@@ -41,4 +42,4 @@ Note that plugins may also support environment variables, but these are plugin-s
 | [STEAMPIPE_TELEMETRY](reference/env-vars/steampipe_telemetry)  | `info` | Set the level of telemetry data to collect and send.
 | [STEAMPIPE_UPDATE_CHECK](reference/env-vars/steampipe_update_check)| `true` | Enable/disable automatic update checking.
 | [STEAMPIPE_WORKSPACE](reference/env-vars/steampipe_workspace)  | `default` | Set the Steampipe workspace .  This can be named workspace from `workspaces.spc` or a remote Turbot Pipes workspace
-| [STEAMPIPE_WORKSPACE_DATABASE](reference/env-vars/steampipe_workspace_database)  | `local` | Workspace database.  This can be `local` or a remote Turbot Pipes database.
+| [STEAMPIPE_WORKSPACE_DATABASE](reference/env-vars/steampipe_workspace_database)  | `local` | Workspace database.  This can be `local` or a remote Turbot Pipes database.
diff --git a/docs/reference/env-vars/steampipe_database_password.md b/docs/reference/env-vars/steampipe_database_password.md
@@ -6,12 +6,12 @@ sidebar_label: STEAMPIPE_DATABASE_PASSWORD
 
 # STEAMPIPE_DATABASE_PASSWORD
 
-Sets the steampipe database password for this session.  By default, steampipe creates a random, unique password for the `steampipe` user.  To use a different password, set the `STEAMPIPE_DATABASE_PASSWORD` variable and start the steampipe service.
+Sets the Steampipe database password for this session.  By default, steampipe creates a random, unique password for the `steampipe` user.  To use a different password, set the `STEAMPIPE_DATABASE_PASSWORD` variable and start the steampipe service.
 
 Note the following:
 - Steampipe sets the `steampipe` user password when the database starts, thus this variable must be set when the steampipe service starts.
 - If the `--database-password` is passed to `steampipe service start`, it will override this environment variable.
-- Setting `STEAMPIPE_DATABASE_PASSWORD` (or passing the `--database-password` argument) sets the password for the current service instance only - it does not permanently change the steampipe password.  You can permanently change the default password by editing the `~/.steampipe/internal/.passwd`.  Deleting this file will result in a new random password being generated the next time steampipe starts.
+- Setting `STEAMPIPE_DATABASE_PASSWORD` (or passing the `--database-password` argument) sets the password for the current service instance only - it does not permanently change the steampipe password.  You can permanently change the default password by editing the `~/.steampipe/internal/.passwd`.  Deleting this file will result in a new random password being generated the next time Steampipe starts.
 - Both `steampipe` and `root` can login from the local host ([`samehost` in the `pg_hba.conf` file](https://www.postgresql.org/docs/14/auth-pg-hba-conf.html)) without a password, regardless of the `STEAMPIPE_DATABASE_PASSWORD` value.
 
 

diff --git a/docs/reference/env-vars/steampipe_database_ssl_password.md b/docs/reference/env-vars/steampipe_database_ssl_password.md
@@ -0,0 +1,21 @@
+---
+title: STEAMPIPE_DATABASE_SSL_PASSWORD
+sidebar_label: STEAMPIPE_DATABASE_SSL_PASSWORD
+---
+
+
+# STEAMPIPE_DATABASE_SSL_PASSWORD
+
+Sets the `server.key` passphrase.  By default, Steampipe generates a certificate without a passphrase; you only need to set this variable if you use a custom certificate that is protected by a passphrase.
+
+To use a custom certificate with a passphrase:
+- `STEAMPIPE_DATABASE_SSL_PASSWORD` must be set when you start Steampipe.
+- The `server.key` content **must** contain [Proc-Type](https://datatracker.ietf.org/doc/html/rfc1421#section-4.6.1.1) and [DEK-Info](https://datatracker.ietf.org/doc/html/rfc1421#section-4.6.1.3) headers.
+
+## Usage 
+Start the Steampipe service with a custom password:
+
+```bash
+export STEAMPIPE_DATABASE_SSL_PASSWORD=MyPassPhrase
+steampipe service start
+```
diff --git a/docs/sidebar.json b/docs/sidebar.json
@@ -192,6 +192,7 @@
           "reference/env-vars/steampipe_cloud_host",
           "reference/env-vars/steampipe_cloud_token",
           "reference/env-vars/steampipe_database_password",
+          "reference/env-vars/steampipe_database_ssl_password",
           "reference/env-vars/steampipe_database_start_timeout",
           "reference/env-vars/steampipe_diagnostic_level",
           "reference/env-vars/steampipe_install_dir",