Proposal: Promote PGOAUTHCAFILE to feature
This draft proposes that the PGOAUTHCAFILE setting be moved out from underneath the PGOAUTHDEBUG marker.
This is probably going to end up being stub-sized — maybe not worth the effort — but I want to see how small is "too small" for the WG experiment.
Motivation
The PGOAUTHCAFILE envvar allows users to pick an alternative certificate bundle (as used by Curl) for use during the Device Authorization flow. Initially, the assumption was that only developers would need this, since the browsers and/or devices used in production must also trust the CA in order to execute their part of the device flow.
However, there may be cases where using an "external" CA bundle is best practice in a production setting. For example, Kubernetes allows users to store a custom signing CA into a ConfigMap, which can then be exposed as a mounted file on disk and pointed to via environment variable.
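As an added illustration of the Kubernetes pattern just described (example manifest written for this draft, not part of the proposal or of PostgreSQL itself; the names, namespace, image and mount path are assumptions):

```yaml
# Custom signing CA stored in a ConfigMap, mounted as a file, and handed
# to libpq through the PGOAUTHCAFILE environment variable.
apiVersion: v1
kind: ConfigMap
metadata:
  name: pg-oauth-ca        # assumed name
  namespace: app           # assumed namespace
data:
  # PEM bundle for the CA that issued the authorization server's TLS
  # certificate. Placeholder body: replace with the real certificate(s).
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    ...placeholder, not a real certificate...
    -----END CERTIFICATE-----
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  namespace: app
spec:
  replicas: 1
  selector:
    matchLabels: {app: api}
  template:
    metadata:
      labels: {app: api}
    spec:
      containers:
        - name: api
          image: registry.example.invalid/api:1.0   # assumed image
          env:
            # Set explicitly here rather than pulled in with envFrom from a
            # shared ConfigMap/Secret, so every PG* variable the client sees
            # originates from this trusted manifest (see Security Considerations).
            - name: PGOAUTHCAFILE
              value: /etc/pg-oauth/ca.crt
            # Under the current implementation this setting is only honoured
            # while the PGOAUTHDEBUG marker is also set; this proposal would
            # remove that requirement.
          volumeMounts:
            - name: pg-oauth-ca
              mountPath: /etc/pg-oauth
              readOnly: true
      volumes:
        - name: pg-oauth-ca
          configMap:
            name: pg-oauth-ca
```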
Rationale
to be filled in as solutions are discussed
Implementation
to be filled in when a solution is chosen
Security Considerations
Application stacks must ensure that PG* envvars come only from trusted sources. (There is ample existing precedent for this; e.g. PGSSLMODE.)
Rejected Ideas
to do
Open Issues
- Do we make this a connection option too?
- Alternative: Keep it as a debug feature, but break up PGOAUTHDEBUG