I’m setting up Automated Secrets Rotation to rotate my PostgreSQL user passwords, but I’m not sure how to create the managing user in PostgreSQL. As stated in the Doppler documentation, the managing user should really be restricted to only be able to update the user passwords of the specified users. How do I create that user?
Thanks for your help!
Welcome to the Doppler Community!
To accomplish what you want, the Postgres user will need the
CREATEROLE role. This will allow them to perform
ALTER ROLE queries on other users (aside from users with the superuser role). A query to create such a user would look something like this:
CREATE ROLE doppler WITH CREATEROLE PASSWORD 'some-secure-password-here';
Unfortunately, there’s no way to further limit that role to only being able to execute
ALTER ROLE against specific users that I’m aware of.