omni_credentials
omni_credentials
omnigres : Application credential management
Overview
| ID | Extension | Package | Version | Category | License | Language |
|---|---|---|---|---|---|---|
| 2945 | omni_credentials | omnigres | 0.2.0 | FEAT | Apache-2.0 | C |
| Attribute | Has Binary | Has Library | Need Load | Has DDL | Relocatable | Trusted |
|---|---|---|---|---|---|---|
----d-- | No | No | No | Yes | no | no |
Packages
| Type | Repo | Version | PG Major Compatibility | Package Pattern | Dependencies |
|---|---|---|---|---|---|
| EXT | PIGSTY | 0.2.0 | 18 17 16 15 14 | omnigres | pgcrypto, omni_os |
| RPM | PIGSTY | 0.2.0 | 18 17 16 15 14 | omnigres_$v | - |
| DEB | PIGSTY | 0.2.0 | 18 17 16 15 14 | postgresql-$v-omnigres | - |
| Linux / PG | PG18 | PG17 | PG16 | PG15 | PG14 |
|---|---|---|---|---|---|
el8.x86_64 | MISS | PIGSTY 20250120 | PIGSTY 20250120 | PIGSTY 20250120 | PIGSTY 20250120 |
el8.aarch64 | MISS | PIGSTY 20250120 | PIGSTY 20250120 | PIGSTY 20250120 | PIGSTY 20250120 |
el9.x86_64 | MISS | PIGSTY 20250507 | PIGSTY 20250507 | PIGSTY 20250507 | PIGSTY 20250507 |
el9.aarch64 | MISS | PIGSTY 20250507 | PIGSTY 20250507 | PIGSTY 20250507 | PIGSTY 20250507 |
el10.x86_64 | MISS | MISS | MISS | MISS | MISS |
el10.aarch64 | MISS | MISS | MISS | MISS | MISS |
d12.x86_64 | MISS | PIGSTY 20250120 | PIGSTY 20250120 | PIGSTY 20250120 | PIGSTY 20250120 |
d12.aarch64 | MISS | PIGSTY 20250120 | PIGSTY 20250120 | PIGSTY 20250120 | PIGSTY 20250120 |
d13.x86_64 | PIGSTY 20251108 | PIGSTY 20251108 | PIGSTY 20251108 | PIGSTY 20251108 | PIGSTY 20251108 |
d13.aarch64 | PIGSTY 20251108 | PIGSTY 20251108 | PIGSTY 20251108 | PIGSTY 20251108 | PIGSTY 20251108 |
u22.x86_64 | MISS | PIGSTY 20250120 | PIGSTY 20250120 | PIGSTY 20250120 | PIGSTY 20250120 |
u22.aarch64 | MISS | PIGSTY 20250120 | PIGSTY 20250120 | PIGSTY 20250120 | PIGSTY 20250120 |
u24.x86_64 | PIGSTY 20251108 | PIGSTY 20251108 | PIGSTY 20251108 | PIGSTY 20251108 | PIGSTY 20251108 |
u24.aarch64 | PIGSTY 20251108 | PIGSTY 20251108 | PIGSTY 20251108 | PIGSTY 20251108 | PIGSTY 20251108 |
Source
pig build pkg omnigres; # build rpm/debInstall
Make sure PGDG and PIGSTY repo available:
pig repo add pgsql -u # add both repo and update cacheInstall this extension with pig:
pig install omnigres; # install via package name, for the active PG version
pig install omni_credentials; # install by extension name, for the current active PG version
pig install omni_credentials -v 18; # install for PG 18
pig install omni_credentials -v 17; # install for PG 17
pig install omni_credentials -v 16; # install for PG 16
pig install omni_credentials -v 15; # install for PG 15
pig install omni_credentials -v 14; # install for PG 14Create this extension with:
CREATE EXTENSION omni_credentials CASCADE; -- requires pgcrypto, omni_osUsage
The omni_credentials extension provides secure, encrypted credential storage with access control. It is a templated extension.
Setup
SELECT omni_credentials.instantiate(
schema => 'omni_credentials',
env_var => 'OMNI_CREDENTIALS_MASTER_PASSWORD'
);Credentials View
The primary interface is the credentials view:
| Column | Type | Purpose |
|---|---|---|
name | text | Credential identifier |
value | bytea | Encrypted credential data |
kind | credential_kind | Type: api_key, api_secret, password, etc. |
principal | regrole | PostgreSQL role owning the credential |
scope | jsonb | Resource constraints ({"all": true} for universal) |
Query and update the view directly; changes propagate automatically. Row-Level Security ensures only roles with grants on the principal can access credentials.
File Store (Development)
SELECT omni_credentials.instantiate_file_store(filename, schema);
-- Reload credentials from file:
SELECT credential_file_store_reload(filename);Imports existing file records into the encrypted store and exports missing credentials from the table to the file. Auto-updates the file on credential changes.
Last updated on