From aafaffa59a10fd9af72ffbcb7df20092ce41eedd Mon Sep 17 00:00:00 2001 From: John Smyth Date: Mon, 18 Mar 2024 09:54:08 -0500 Subject: [PATCH] edits for STEAMPIPE_DATABASE_SSL_PASSWORD --- docs/managing/service.md | 31 ------------------- docs/reference/env-vars/overview.md | 2 +- .../env-vars/steampipe_database_password.md | 4 +-- .../steampipe_database_ssl_password.md | 13 ++++---- docs/sidebar.json | 1 + 5 files changed, 10 insertions(+), 41 deletions(-) diff --git a/docs/managing/service.md b/docs/managing/service.md index ba49dcc..c7e9efb 100644 --- a/docs/managing/service.md +++ b/docs/managing/service.md @@ -76,37 +76,6 @@ Managing the Steampipe service: ``` -## Starting database with a private key protected with a passphrase - -You can run `steampipe service start` with a private key protected with a passphrase, use the `STEAMPIPE_DATABASE_SSL_PASSWORD` environement variable - -```bash -$ STEAMPIPE_DATABASE_SSL_PASSWORD=my-passphrase steampipe service start - -Steampipe service is running: - -Database: - - Host(s): localhost, 127.0.0.1, 192.168.10.174 - Port: 9193 - Database: steampipe - User: steampipe - Password: 4cbe-4bc2-9c18 - Connection string: postgres://steampipe:4cbe-4bc2-9c18@localhost:9193/steampipe - -Managing the Steampipe service: - - # Get status of the service - steampipe service status - - # Restart the service - steampipe service restart - - # Stop the service - steampipe service stop - -``` - --- Once the service is started, you can connect to the Steampipe from tools that integrate with Postgres. diff --git a/docs/reference/env-vars/overview.md b/docs/reference/env-vars/overview.md index 8b70c71..59ed5ea 100644 --- a/docs/reference/env-vars/overview.md +++ b/docs/reference/env-vars/overview.md 
@@ -24,7 +24,7 @@ Note that plugins may also support environment variables, but these are plugin-s | [STEAMPIPE_CLOUD_HOST](reference/env-vars/steampipe_cloud_host) | `pipes.turbot.com` | Set the Turbot Pipes host, for connecting to Turbot Pipes workspace. DEPRECATED - Use [`PIPES_HOST`](/docs/reference/env-vars/pipes_host) | [STEAMPIPE_CLOUD_TOKEN](reference/env-vars/steampipe_cloud_token) | | Set the Turbot Pipes authentication token for connecting to Turbot Pipes workspace. DEPRECATED - Use [`PIPES_TOKEN`](/docs/reference/env-vars/pipes_token). | [STEAMPIPE_DATABASE_PASSWORD](reference/env-vars/steampipe_database_password)| randomly generated | Set the steampipe database password for this session. This variable must be set when the steampipe service starts. -| [STEAMPIPE_DATABASE_SSL_PASSWORD](reference/env-vars/steampipe_database_ssl_password)| | Set the server key passphrase for this session. This variable must be set when the server private key is protected with a passphrase. +| [STEAMPIPE_DATABASE_SSL_PASSWORD](reference/env-vars/steampipe_database_ssl_password)| | Set the passphrase used to decrypt the private key for your custom SSL certificate. By default, Steampipe generates a certificate without a passphrase; you only need to set this variable if you use a custom certificate that is protected by a passphrase. | [STEAMPIPE_DATABASE_START_TIMEOUT](reference/env-vars/steampipe_database_start_timeout)| `30` | Set the maximum time (in seconds) to wait for the Postgres process to start accepting queries after it has been started. | [STEAMPIPE_DIAGNOSTIC_LEVEL](reference/env-vars/steampipe_diagnostic_level)| `NONE` | Sets the diagnostic level. Supported levels are `ALL`, `NONE`. | [STEAMPIPE_INSTALL_DIR](reference/env-vars/steampipe_install_dir)| `~/.steampipe` | The directory in which the Steampipe database, plugins, and supporting files can be found. 
diff --git a/docs/reference/env-vars/steampipe_database_password.md b/docs/reference/env-vars/steampipe_database_password.md index 76ce7a5..03a0659 100644 --- a/docs/reference/env-vars/steampipe_database_password.md +++ b/docs/reference/env-vars/steampipe_database_password.md 
@@ -6,12 +6,12 @@ sidebar_label: STEAMPIPE_DATABASE_PASSWORD # STEAMPIPE_DATABASE_PASSWORD -Sets the steampipe database password for this session. By default, steampipe creates a random, unique password for the `steampipe` user. To use a different password, set the `STEAMPIPE_DATABASE_PASSWORD` variable and start the steampipe service. +Sets the Steampipe database password for this session. By default, steampipe creates a random, unique password for the `steampipe` user. To use a different password, set the `STEAMPIPE_DATABASE_PASSWORD` variable and start the steampipe service. Note the following: - Steampipe sets the `steampipe` user password when the database starts, thus this variable must be set when the steampipe service starts. - If the `--database-password` is passed to `steampipe service start`, it will override this environment variable. -- Setting `STEAMPIPE_DATABASE_PASSWORD` (or passing the `--database-password` argument) sets the password for the current service instance only - it does not permanently change the steampipe password. You can permanently change the default password by editing the `~/.steampipe/internal/.passwd`. Deleting this file will result in a new random password being generated the next time steampipe starts. +- Setting `STEAMPIPE_DATABASE_PASSWORD` (or passing the `--database-password` argument) sets the password for the current service instance only - it does not permanently change the steampipe password. You can permanently change the default password by editing the `~/.steampipe/internal/.passwd`. Deleting this file will result in a new random password being generated the next time Steampipe starts. - Both `steampipe` and `root` can login from the local host ([`samehost` in the `pg_hba.conf` file](https://www.postgresql.org/docs/14/auth-pg-hba-conf.html)) without a password, regardless of the `STEAMPIPE_DATABASE_PASSWORD` value. 
diff --git a/docs/reference/env-vars/steampipe_database_ssl_password.md b/docs/reference/env-vars/steampipe_database_ssl_password.md index a538cbf..c60a651 100644 --- a/docs/reference/env-vars/steampipe_database_ssl_password.md +++ b/docs/reference/env-vars/steampipe_database_ssl_password.md @@ -6,17 +6,16 @@ sidebar_label: STEAMPIPE_DATABASE_SSL_PASSWORD # STEAMPIPE_DATABASE_SSL_PASSWORD -Sets the `server.key` passphrase. By default, this value is empty because of steampipe that generates a certificate without passphrase. To use your own certificate, set the `STEAMPIPE_DATABASE_SSL_PASSWORD` variable and start the steampipe service. +Sets the `server.key` passphrase. By default, Steampipe generates a certificate without a passphrase; you only need to set this variable if you use a custom certificate that is protected by a passphrase. -Note the following: -- If `STEAMPIPE_DATABASE_SSL_PASSWORD` is passed to `steampipe service start`, steampipe will behave as if the key were protected by a passphrase. -- The `server.key` content **must** contains [Proc-Type](https://datatracker.ietf.org/doc/html/rfc1421#section-4.6.1.1) and [DEK-Info](https://datatracker.ietf.org/doc/html/rfc1421#section-4.6.1.3) headers. +To use a custom certificate with a passphrase: +- `STEAMPIPE_DATABASE_SSL_PASSWORD` must be set when you start Steampipe. +- The `server.key` content **must** contain [Proc-Type](https://datatracker.ietf.org/doc/html/rfc1421#section-4.6.1.1) and [DEK-Info](https://datatracker.ietf.org/doc/html/rfc1421#section-4.6.1.3) headers. ## Usage -Start the steampipe service with a custom password: +Start the Steampipe service with a custom password: ```bash export STEAMPIPE_DATABASE_SSL_PASSWORD=MyPassPhrase steampipe service start -``` - +``` \ No newline at end of file diff --git a/docs/sidebar.json b/docs/sidebar.json index bd3cee1..b6ba871 100644 --- a/docs/sidebar.json +++ b/docs/sidebar.json 
@@ -192,6 +192,7 @@ "reference/env-vars/steampipe_cloud_host", "reference/env-vars/steampipe_cloud_token", "reference/env-vars/steampipe_database_password", + "reference/env-vars/steampipe_database_ssl_password", "reference/env-vars/steampipe_database_start_timeout", "reference/env-vars/steampipe_diagnostic_level", "reference/env-vars/steampipe_install_dir",
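Review bot: in docs/managing/service.md, deleting the whole "Starting database with a private key protected with a passphrase" section leaves the service page with no mention of `STEAMPIPE_DATABASE_SSL_PASSWORD`, so a reader who configures a passphrase-protected key from that page has no pointer to the reference entry. Dropping the sample that put the passphrase on the command line and echoed a connection string is fine, but consider keeping one sentence in its place that links to `reference/env-vars/steampipe_database_ssl_password`.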
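Review bot: the new `STEAMPIPE_DATABASE_SSL_PASSWORD` row in docs/reference/env-vars/overview.md does not say when the variable is read, while the `STEAMPIPE_DATABASE_PASSWORD` row directly above it states that it must be set when the service starts. The reference page changed in this same patch says "`STEAMPIPE_DATABASE_SSL_PASSWORD` must be set when you start Steampipe", so the table row should carry that too. The row also repeats the reference page's second sentence word for word and is much longer than its neighbours; a shorter summary with the detail left to the linked page would keep the table readable.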
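Review bot: the capitalisation fix in docs/reference/env-vars/steampipe_database_password.md is only half applied, because the two rewritten lines still contain "steampipe creates a random, unique password", "start the steampipe service" and "permanently change the steampipe password" in lower case next to the new "Steampipe". Either capitalise every prose use of the product name in the lines being touched (leaving the `steampipe` user and command names in backticks as they are) or leave the lines alone. While editing the last bullet, "by editing the `~/.steampipe/internal/.passwd`" is missing the word "file".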
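Review bot: the Usage block in docs/reference/env-vars/steampipe_database_ssl_password.md still shows `export STEAMPIPE_DATABASE_SSL_PASSWORD=MyPassPhrase` with a literal value, which puts the key passphrase in shell history and leaves it exported to every later process in that shell. Suggest showing it read without echo instead, for example `read -rs STEAMPIPE_DATABASE_SSL_PASSWORD` followed by `export STEAMPIPE_DATABASE_SSL_PASSWORD`, then `steampipe service start`. The lead-in "Start the Steampipe service with a custom password" should say "passphrase-protected key", since "custom password" reads like `STEAMPIPE_DATABASE_PASSWORD`. The removed bullet described what happens when the variable is set ("steampipe will behave as if the key were protected by a passphrase") and the replacement does not, so the page no longer tells the reader what to expect if the variable is set with an unprotected key. Finally, the hunk ends with "\ No newline at end of file"; please restore the trailing newline.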