Security audit - Installation procedure - "hardcoded" password in the example code

Source

Installation Prerequisites section of the "Stork Administrator Reference Manual" has example with password

Even there is a Note about not using the password, guess what will happen ;) Therefore I propose to use more mature and secure solution.

Option 1) Instruct user to use the generated password.

postgres=# select substr(md5(random()::text), 0, 20);
       substr        
---------------------
 bec757f2b02fce959f3
(1 row)

Option 2) /preferred/

# prepare random password
$ STORK_PWD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9<>*?.()+:' | fold -w 32 | head -n 1)

# show password
$ echo $STORK_PWD
or
$ echo -e "\nPassword for 'stork' db user: $STORK_PWD\n"

# create db user 'stork'
postgres@machine:~$ createuser --no-createrole --no-superuser --no-createdb --encrypted stork

# set password for the 'stork' user
postgres@machine:~$ psql -c "ALTER USER stork WITH PASSWORD '$STORK_PWD'"
ALTER ROLE

User can use whatever program for generating passwords like 'pwgen' but I used 'cat /dev/urandom' with 'tr' and 'fold' to make it working from bash without external programs.

copy&paste ready

sudo su - postgres
STORK_PWD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9<>*?.()+:' | fold -w 32 | head -n 1)
echo -e "\nPassword for 'stork' db user: $STORK_PWD\n"
createuser --no-createrole --no-superuser --no-createdb --encrypted stork
psql -c "ALTER USER stork WITH PASSWORD '$STORK_PWD'"
psql
CREATE DATABASE stork;
GRANT ALL PRIVILEGES ON DATABASE stork TO stork;
\c stork
create extension pgcrypto;
exit
exit

Note: Complex passwords can cause issues to "stork-tool" see - [Inspecting Keys and Certificates] - password not parsed correctly issue.