Description

I've search Coder help with coder server -h and found only one environment variable CODER_PG_CONNECTION_URL to setup connection settings. As we are using automatic password rotation this is a point of failure as we have to assemble a secret for coder Postgresql connection URL. Now this secret has changed and I've to change the connection URL, but it would be better if one can pass the rotated secret for the password as a separate environment variable.

Solution

Provide additional way of configuration for Postgresql connection settings like this:

• CODER_PG_HOST
• CODER_PG_PORT ==> defaults to 5432
• CODER_PG_USERNAME
• CODER_PG_PASSWORD
• CODER_PG_DATABASE
• CODER_PG_OPTIONS

We can make use of External Secrets Operator to provide the automatically rotated password. Then if a password change has happend a sync of the secret should find it's way into Coder instance.

E.g.:

CODER_PG_OPTIONS="sslmode=require"

postgres://$CODER_PG_USER:$CODER_PG_PASSWORD@$CODER_PG_HOST:$CODER_PG_PORT/$CODER_PG_DATABASE?$CODER_PG_OPTIONS