Add support for a password tool (Feature Request, not bug)

[peter-schwier]

Feature Request: Can you add support for calling a command or shell script when the user is prompted for a password? Maybe if the .usqlpass file is executable, then run it as a command with the arguments you would use to look up the password (protocol host port dbname user) and then the output of the command is the password to use?

The use case here is that I have 12 different databases I need to connect to, but I need to use at least three different tools to do it. So, I have all my database passwords stored in KeePass. Not asking you to add support for KeePass, that is outside the scope of usql. Instead, just add a hook where I can have a script lookup the password. Then I can implement my own KeePass integration for my setup.

This would also allow other password managers to store passwords (1Password, Bitwarden, HashiCorp Vault, pass).

[kenshaw]

Yes, this is a reasonable feature request. I personally don't use password managers, but could you give me an example of what a command line would be?

[peter-schwier]

My recommendation would be just pass in each of the fields that you would normally use for looking up the password, and then let the script figure out how to look up in individual password managers. This is just me throwing out ideas. Change it however you would like to make it work better in usql.

I would suggest expanding the driver names to the full name and providing the defaults that would get used. Default port, if there is one. Default user, if there is one.

# connect to a postgres database
$ usql postgres://booktest@localhost/booktest
# If .usqlpass is executable, then run:
.usqlpass postgres localhost 5432 booktest booktest
# and it would write to standard output the password you should use.

# connect to an oracle database
$ usql oracle://user:pass@host/oracle.sid
# No need to call .usqlpass because password is on the command line.

# connect to a postgres database and run the commands contained in script.sql
$ usql pg://localhost/ -f script.sql
# If .usqlpass is executable, then run:
.usqlpass postgres localhost 5432 "" ""
# and it would write to standard output the password you should use on the first line, and the username you should use on the second line.

$ usql my://pschwier@dev-testingdata/todolist
# If .usqlpass is executable, then run:
.usqlpass mysql dev-testingdata 3306 todolist pschwier
# and it would write to standard output the password you should use.

[peter-schwier]

Oh, now that I look back at the readme file, you do support Windows. But Windows would not be able to execute a file without an extension. In that case, maybe a better option is to have a command in the .usqlrc file specify the script name?