Home > Enterprise >  Cannot psql-connect azure postgres server if created with admin-password in keyvault
Cannot psql-connect azure postgres server if created with admin-password in keyvault

Time:11-25

I've been trying to create azure postgres server using admin-password from key vault. Using secret obtained with command az keyvault secret show I always fail in connection the server from my pc. When using the same text string that was stored as the key vault secret in the create-command I don't have any problems when connecting from my PC.

jaana@Azure:~$ az postgres server create --location westeurope --resource-group my-rg  --name fortunate-postgres-server  --admin-user adminU  --admin-password changeMe 1 --sku-name B_Gen5_1
jaana@Azure:~$ secret=$(az keyvault secret show --name "AdminPassWord" --vault-name unfortunate-kv --query "value"
jaana@Azure:~$ echo $secret
"changeMe 1"
jaana@Azure:~$ az postgres server create --location westeurope --resource-group my-rg  --name unfortunate-postgres-server  --admin-user adminU  --admin-password $secret --sku-name B_Gen5_1

in my pc:

$ psql "host=fortunate-postgres-server.postgres.database.azure.com port=5432 dbname=postgres user=adminU@fortunate-postgres-server password=changeMe 1 sslmode=require"
psql (9.2.2, server 9.6.21)
WARNING: psql version 9.2, server version 9.6.
         Some psql features might not work.
WARNING: Console code page (850) differs from Windows code page (1252)
         8-bit characters might not work correctly. See psql reference
         page "Notes for Windows users" for details.
SSL connection (cipher: ECDHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.

postgres=> \q

$ psql "host=unfortunate-postgres-server.postgres.database.azure.com port=5432 dbname=postgres user=adminU@unfortunate-postgres-server password=changeMe 1 sslmode=require"
psql: FATAL:  password authentication failed for user "adminU"

How can this be possible ?

CodePudding user response:

Just adding -o tsv into command az keyvault secret show solved the problem

CodePudding user response:

Just add the explanation to @Jaana's answer.

In this case, there is a double quotes issue, if you use az keyvault secret show without -o tsv parameter, it will output the value with the double quotes, then when you reference the variable in az postgres server create, it will pass the value with double quotes.

To solve the issue, -o tsv is the solution, the output is guaranteed to be unquoted.

See details here - enter image description here

enter image description here

  • Related