<![CDATA[ProGet 2026/PostgreSQL (Embedded) Group Managed Service Account Support]]>Re: Running Proget using GMSA

Does ProGet 2026 with the embedded PostgreSQL support group managed service accounts (gMSAs) like previous versions of ProGet? If it doesn't, will that be an option soon?

I realize that a user account and password will work, but if we aren't using a group managed service account at my company, then the account password has to be changed every 90 days. The group managed service account has automatic password rotation, so it's much more manageable for this kind of thing.

Using NetworkService or similar account is not an option for us for security reasons.

]]>https://forums.inedo.com/topic/5776/proget-2026-postgresql-embedded-group-managed-service-account-supportRSS for NodeFri, 12 Jun 2026 20:56:42 GMTFri, 12 Jun 2026 03:09:10 GMT60<![CDATA[Reply to ProGet 2026/PostgreSQL (Embedded) Group Managed Service Account Support on Fri, 12 Jun 2026 03:09:10 GMT]]>Re: Running Proget using GMSA

Does ProGet 2026 with the embedded PostgreSQL support group managed service accounts (gMSAs) like previous versions of ProGet? If it doesn't, will that be an option soon?

I realize that a user account and password will work, but if we aren't using a group managed service account at my company, then the account password has to be changed every 90 days. The group managed service account has automatic password rotation, so it's much more manageable for this kind of thing.

Using NetworkService or similar account is not an option for us for security reasons.

]]>https://forums.inedo.com/post/19782https://forums.inedo.com/post/19782Fri, 12 Jun 2026 03:09:10 GMT<![CDATA[Reply to ProGet 2026/PostgreSQL (Embedded) Group Managed Service Account Support on Fri, 12 Jun 2026 11:21:38 GMT]]>Hi @mhelp_5176 ,

Provided you provided appropriate permissions, there shouldn't be an issue configuring the service to run as a gSMA.

Thanks,
Alana

]]>https://forums.inedo.com/post/19785https://forums.inedo.com/post/19785Fri, 12 Jun 2026 11:21:38 GMT<![CDATA[Reply to ProGet 2026/PostgreSQL (Embedded) Group Managed Service Account Support on Fri, 12 Jun 2026 14:55:16 GMT]]>Can a group managed service account be used in the PostgreSQL embedded database connection string so the password is rotated, the password rotation is handled automatically by the gMSA, and there's no visible password in the connection string?

The answer appears to be no based on Steve's reply in this other ticket, https://forums.inedo.com/post/19611, but I wanted to provide the additional context in case it's something you may consider supporting.

]]>https://forums.inedo.com/post/19787https://forums.inedo.com/post/19787Fri, 12 Jun 2026 14:55:16 GMT<![CDATA[Reply to ProGet 2026/PostgreSQL (Embedded) Group Managed Service Account Support on Fri, 12 Jun 2026 19:05:43 GMT]]>Hi @mhelp_5176,

Connecting to the embedded database requires local access to the ProGet server. Once an attacker has that, then they already have full access to the database, as it's stored as files on disk... basically it's the equivalent of storing the safe key inside of the safe :)

As such. it doesn't make sense for us to add complexity to the product to support changing a password that's already secured.

Thanks,
Steve

]]>https://forums.inedo.com/post/19789https://forums.inedo.com/post/19789Fri, 12 Jun 2026 19:05:43 GMT