gocredo

Let’s say you’re deploying a database via infrastructure-as-code.

That database will need user accounts, and those accounts will need usernames and passwords.

And you don’t really care what the usernames and passwords are, as long as they’re good.

gocredo is a Golang module I wrote to generate valid, unpredictable credentials.

Please note:

  • Currently, only PostgreSQL credentials are supported.
  • “gocredo” rhymes with “freddo”.

Example

This script will create a PostgreSQL-compatible username and password which could then be plugged into your infrastructure-as-code:

package main

import (
    "fmt"
    "github.com/cariad/gocredo/postgresql"
)

func main() {
    c, _ := postgresql.MakeCredentials()
    fmt.Println("Username: ", c.Username)
    fmt.Println("Password: ", c.Password)
}

Run in the Go Playground

When I ran that example, I got this output:

Username: dodxcqhmudmhkzljkclypecsmeyjnmvqvfgenpqjlhxkrbqeaqpxtgyazxotxns
Password: abrZlVkLOTzhm8By6FDZWIcKKuNZ3WahlHQqo0HiawR9osgOvi2tE5swVc9anIm

Value formats

gocredo generates values with the following formats:

  • PostgreSQL usernames are 63 characters long and made up of the lower-case alphabet.
  • PostgreSQL passwords are 63 characters long and made up of the lower-case alphabet, upper-case alphabet and decimal digits.

Usage

Import "github.com/cariad/gocredo/postgresql" and use the following functions:

func MakeCredentials() (Credentials, error)

MakeCredentials returns a populated gocredo.Credentials struct. The values come from internal calls to MakeUsername and MakePassword.

func MakePassword() (string, error)

MakePassword returns a PostgreSQL user account password as a string.

func MakeUsername() (string, error)

MakeUsername returns a PostgreSQL user account name as a string.

Security

This module uses gorando to generate random values. That module’s security notes are:

This package uses crypto/rand to generate random numbers, to avoid the predictability of math/random.

Pools and random picks are intentionally not logged.

In addition, gocredo intentionally does not log the credentials it generates.

Also, converting a Credentials struct to a string will not reveal the inner values, which should protect you from accidental exposure.

package main

import (
    "fmt"
    "github.com/cariad/gocredo/postgresql"
)

func main() {
    c, _ := postgresql.MakeCredentials()
    fmt.Println(c)
}

Run in the Go Playground

Rather than printing the names and values of the struct’s members, this script actually prints:

(credentials are secret)

gocredo uses:

Report a bug, request a feature or ask a question

Please use the issues page to raise a bug, request a feature or ask a question.

Licence

gocredo is published under the MIT License.

Comments