Hi, Since .pgpass files contain plain-text passwords, I searched for an alternative. In the attached patch I've added the possibility to run a command to produce the content of the pgpass file, in exactly the same format. In this way I could use gpg or any other command to decrypt a pgpass file. It will prefer the .pgpass file and will not call the command.
This would be my environment variable, to have no plain-text password:
PGPASSCOMMAND="gpg -q -d pgpass.gpg"
Other usages of the variable:
PGPASSCOMMAND="cat pgpass"
PGPASSCOMMAND="curl http://passwords/really-unsecure-pgpass";
PGPASSCOMMAND="my-own-secure-pgpass-script"
The submitted patch does it's job, though the command could throw errors.
What do you think of this solution?
Best regards,
Marco van Eck
pgpasscommand_v1.patch
Description: Binary data
