We're switching from MongoDB to Postgres at work, and I'm setting up a BDR group.
At this step I'm looking at security and locking down where possible. Hence, I was hoping to set up a replication user (role) and let BDR use that for its replication stuff. I already had the group happily running when using either trusted connections or the postgres user for authentication. Neither seems 100% secure to me, and I particularly don't like how the postgres user's password would appear in clear text in the DSN connection strings in bdr.bdr_nodes. So I tried using this replication user instead.
That is, e.g. in pg_hba.conf:
hostssl appdb,replication replication 172.17.1.2 md5
And the matching DSN connection string,
host=172.17.1.1 dbname=appdb user=replication password=secret
The problem with this approach is illustrated by the following error when issuing bdr.bdr_group_create:
ERROR: local dsn does not have superuser rights
DETAIL: The dsn 'host=172.17.1.1 dbname=appdb user=replication password=secret' connects successfully but does not grant superuser rights
And this is where I'm a bit puzzled. Does BDR really need superuser rights for replication? Or can I grant specific privileges to my replication role that'll allow it to do its business without being all-powerful?
Maybe it's just me being paranoid, but I feel that the postgres user should only be used for sysadmin stuff, and that the password to it most definitely shouldn't appear in a table in a cleartext DSN connection string, even if you require special privileges to read from said table.