edits for STEAMPIPE_DATABASE_SSL_PASSWORD

turbot · Mar 18, 2024 · aafaffa · aafaffa
1 parent 6e9a1f3
commit aafaffa
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 41 deletions.
diff --git a/docs/managing/service.md b/docs/managing/service.md
@@ -76,37 +76,6 @@ Managing the Steampipe service:
 
 ```
 
-## Starting database with a private key protected with a passphrase
-
-You can run `steampipe service start` with a private key protected with a passphrase, use the `STEAMPIPE_DATABASE_SSL_PASSWORD` environement variable
-
-```bash
-$ STEAMPIPE_DATABASE_SSL_PASSWORD=my-passphrase steampipe service start
-
-Steampipe service is running:
-
-Database:
-
-  Host(s):            localhost, 127.0.0.1, 192.168.10.174
-  Port:               9193
-  Database:           steampipe
-  User:               steampipe
-  Password:           4cbe-4bc2-9c18
-  Connection string:  postgres://steampipe:4cbe-4bc2-9c18@localhost:9193/steampipe
-
-Managing the Steampipe service:
-
-  # Get status of the service
-  steampipe service status
-
-  # Restart the service
-  steampipe service restart
-
-  # Stop the service
-  steampipe service stop
-
-```
-
 ---
 
 Once the service is started, you can connect to the Steampipe from tools that integrate with Postgres.

diff --git a/docs/reference/env-vars/overview.md b/docs/reference/env-vars/overview.md
@@ -24,7 +24,7 @@ Note that plugins may also support environment variables, but these are plugin-s
 | [STEAMPIPE_CLOUD_HOST](reference/env-vars/steampipe_cloud_host)  | `pipes.turbot.com` | Set the Turbot Pipes host, for connecting to Turbot Pipes workspace. DEPRECATED - Use [`PIPES_HOST`](/docs/reference/env-vars/pipes_host)
 | [STEAMPIPE_CLOUD_TOKEN](reference/env-vars/steampipe_cloud_token)  |  | Set the Turbot Pipes authentication token for connecting to Turbot Pipes workspace. DEPRECATED - Use [`PIPES_TOKEN`](/docs/reference/env-vars/pipes_token).
 | [STEAMPIPE_DATABASE_PASSWORD](reference/env-vars/steampipe_database_password)| randomly generated | Set the steampipe database password for this session.  This variable must be set when the steampipe service starts.
-| [STEAMPIPE_DATABASE_SSL_PASSWORD](reference/env-vars/steampipe_database_ssl_password)|  | Set the server key passphrase for this session.  This variable must be set when the server private key is protected with a passphrase.
+| [STEAMPIPE_DATABASE_SSL_PASSWORD](reference/env-vars/steampipe_database_ssl_password)|  | Set the passphrase used to decrypt the private key for your custom SSL certificate.  By default, Steampipe generates a certificate without a passphrase; you only need to set this variable if you use a custom certificate that is protected by a passphrase.
 | [STEAMPIPE_DATABASE_START_TIMEOUT](reference/env-vars/steampipe_database_start_timeout)| `30` | Set the maximum time (in seconds) to wait for the Postgres process to start accepting queries after it has been started.
 | [STEAMPIPE_DIAGNOSTIC_LEVEL](reference/env-vars/steampipe_diagnostic_level)| `NONE` | Sets the diagnostic level.  Supported levels are `ALL`, `NONE`.
 | [STEAMPIPE_INSTALL_DIR](reference/env-vars/steampipe_install_dir)| `~/.steampipe` | The directory in which the Steampipe database, plugins, and supporting files can be found.

diff --git a/docs/reference/env-vars/steampipe_database_password.md b/docs/reference/env-vars/steampipe_database_password.md
@@ -6,12 +6,12 @@ sidebar_label: STEAMPIPE_DATABASE_PASSWORD
 
 # STEAMPIPE_DATABASE_PASSWORD
 
-Sets the steampipe database password for this session.  By default, steampipe creates a random, unique password for the `steampipe` user.  To use a different password, set the `STEAMPIPE_DATABASE_PASSWORD` variable and start the steampipe service.
+Sets the Steampipe database password for this session.  By default, steampipe creates a random, unique password for the `steampipe` user.  To use a different password, set the `STEAMPIPE_DATABASE_PASSWORD` variable and start the steampipe service.
 
 Note the following:
 - Steampipe sets the `steampipe` user password when the database starts, thus this variable must be set when the steampipe service starts.
 - If the `--database-password` is passed to `steampipe service start`, it will override this environment variable.
-- Setting `STEAMPIPE_DATABASE_PASSWORD` (or passing the `--database-password` argument) sets the password for the current service instance only - it does not permanently change the steampipe password.  You can permanently change the default password by editing the `~/.steampipe/internal/.passwd`.  Deleting this file will result in a new random password being generated the next time steampipe starts.
+- Setting `STEAMPIPE_DATABASE_PASSWORD` (or passing the `--database-password` argument) sets the password for the current service instance only - it does not permanently change the steampipe password.  You can permanently change the default password by editing the `~/.steampipe/internal/.passwd`.  Deleting this file will result in a new random password being generated the next time Steampipe starts.
 - Both `steampipe` and `root` can login from the local host ([`samehost` in the `pg_hba.conf` file](https://www.postgresql.org/docs/14/auth-pg-hba-conf.html)) without a password, regardless of the `STEAMPIPE_DATABASE_PASSWORD` value.
 
 

diff --git a/docs/reference/env-vars/steampipe_database_ssl_password.md b/docs/reference/env-vars/steampipe_database_ssl_password.md
@@ -6,17 +6,16 @@ sidebar_label: STEAMPIPE_DATABASE_SSL_PASSWORD
 
 # STEAMPIPE_DATABASE_SSL_PASSWORD
 
-Sets the `server.key` passphrase.  By default, this value is empty because of steampipe that generates a certificate without passphrase.  To use your own certificate, set the `STEAMPIPE_DATABASE_SSL_PASSWORD` variable and start the steampipe service.
+Sets the `server.key` passphrase.  By default, Steampipe generates a certificate without a passphrase; you only need to set this variable if you use a custom certificate that is protected by a passphrase.
 
-Note the following:
-- If `STEAMPIPE_DATABASE_SSL_PASSWORD` is passed to `steampipe service start`, steampipe will behave as if the key were protected by a passphrase.
-- The `server.key` content **must** contains [Proc-Type](https://datatracker.ietf.org/doc/html/rfc1421#section-4.6.1.1) and [DEK-Info](https://datatracker.ietf.org/doc/html/rfc1421#section-4.6.1.3) headers.
+To use a custom certificate with a passphrase:
+- `STEAMPIPE_DATABASE_SSL_PASSWORD` must be set when you start Steampipe.
+- The `server.key` content **must** contain [Proc-Type](https://datatracker.ietf.org/doc/html/rfc1421#section-4.6.1.1) and [DEK-Info](https://datatracker.ietf.org/doc/html/rfc1421#section-4.6.1.3) headers.
 
 ## Usage 
-Start the steampipe service with a custom password:
+Start the Steampipe service with a custom password:
 
 ```bash
 export STEAMPIPE_DATABASE_SSL_PASSWORD=MyPassPhrase
 steampipe service start
-```
-
+```
diff --git a/docs/sidebar.json b/docs/sidebar.json
@@ -192,6 +192,7 @@
           "reference/env-vars/steampipe_cloud_host",
           "reference/env-vars/steampipe_cloud_token",
           "reference/env-vars/steampipe_database_password",
+          "reference/env-vars/steampipe_database_ssl_password",
           "reference/env-vars/steampipe_database_start_timeout",
           "reference/env-vars/steampipe_diagnostic_level",
           "reference/env-vars/steampipe_install_dir",