Populate service_password_hash at database setup time

Table of Contents

This page is a capture in the next bucket of the product backlog — a pre-sprint idea, not yet pulled into a sprint as a story.

What

(One paragraph: the idea.)

Why

(Motivation, problem being solved, related context.)

References

See also

The service_password_hash column (or equivalent credential store) for each service's database user is not populated by recreate_database.sh or setup_user.sql. Without it, service-to-database authentication via hashed passwords cannot work.

Update the setup scripts to:

  1. Generate (or accept as a parameter) a password for each service DB user.
  2. Hash it with the appropriate function (pgcrypto, bcrypt, or Postgres crypt).
  3. Store the hash in the credential column at setup time.

Emacs 29.1 (Org mode 9.6.6)