Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
ProGet 2026/PostgreSQL (Embedded) Group Managed Service Account Support
-
Does ProGet 2026 with the embedded PostgreSQL support group managed service accounts (gMSAs) like previous versions of ProGet? If it doesn't, will that be an option soon?
I realize that a user account and password will work, but if we aren't using a group managed service account at my company, then the account password has to be changed every 90 days. The group managed service account has automatic password rotation, so it's much more manageable for this kind of thing.
Using NetworkService or similar account is not an option for us for security reasons.
-
Hi @mhelp_5176 ,
Provided you provided appropriate permissions, there shouldn't be an issue configuring the service to run as a gSMA.
Thanks,
Alana
-
Can a group managed service account be used in the PostgreSQL embedded database connection string so the password is rotated, the password rotation is handled automatically by the gMSA, and there's no visible password in the connection string?
The answer appears to be no based on Steve's reply in this other ticket, https://forums.inedo.com/post/19611, but I wanted to provide the additional context in case it's something you may consider supporting.
-
Hi @mhelp_5176,
Connecting to the embedded database requires local access to the ProGet server. Once an attacker has that, then they already have full access to the database, as it's stored as files on disk... basically it's the equivalent of storing the safe key inside of the safe :)
As such. it doesn't make sense for us to add complexity to the product to support changing a password that's already secured.
Thanks,
Steve
