Skip to content

feat: support function as password for dynamic credentials#122

Merged
tsloughter merged 3 commits intoerleans:mainfrom
Taure:feat/password-as-function
Mar 17, 2026
Merged

feat: support function as password for dynamic credentials#122
tsloughter merged 3 commits intoerleans:mainfrom
Taure:feat/password-as-function

Conversation

@Taure
Copy link
Copy Markdown
Contributor

@Taure Taure commented Mar 13, 2026

Summary

  • Accept fun(() -> iodata()) as the password config value
  • The function is evaluated on each new connection, enabling rotating credentials like AWS IAM auth tokens
  • When stored in pool config, the fun prints as #Fun<...> in logs, preventing accidental password disclosure in supervisor crash reports

This is the ERLEF-recommended approach for keeping credentials out of logs.

Closes #56
Closes #117

Test plan

  • New password_as_function test added to pgo_SUITE
  • All 55 CT tests pass
  • xref clean

@Taure
feat: support function as password for dynamic credentials
32baeaf 
Accept fun(() -> iodata()) as the password config value. The function
is evaluated on each new connection, enabling rotating credentials
like AWS IAM auth tokens. When stored in pool config, the fun prints
as #Fun<...> in logs, preventing accidental password disclosure.

Closes erleans#56
Closes erleans#117
@tsloughter
Copy link
Copy Markdown
Collaborator

tsloughter commented Mar 16, 2026

Has a conflict.

@tsloughter tsloughter merged commit eff43e9 into erleans:main Mar 17, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tsloughter tsloughter tsloughter approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Keep password out of logs Function as password

2 participants

@Taure @tsloughter