Chef Solo and postgres password


Hi –

I’m using the postgresql and database cookbooks with Chef Solo. This is
all working quite nicely!
The one little thing that seems a bit clumsy is that I have to supply
both the hashed and plain text passwords. Am I correct about that?
postgresql_database requires the plain text version.
Using postgresql cookbook requires adding the /hashed/ version to the node.
Ideally, I’d rather not have unencrypted passwords lying around… I
guess the best thing is to use encrypted data bags?

database cookbook:

create a postgresql database

postgresql_database ‘mr_softie’ do
:host => ‘’
:port => 5432,
:username => ‘postgres’,
:password => node[‘postgresql’][‘password’][‘postgres’]
action :create

postgresql cookbook:

“postgresql”: {
“password”: {
“postgres”: “iloverandompasswordsbutthiswilldo”
“run_list”: [“recipe[postgresql::server]”]

That should actually be the “encrypted password” instead of cleartext,
so you should generate it as an md5 hash using the PostgreSQL algorithm.

Liam Kirsher