Skip to content

Replace realistic-looking DB credentials and hostnames with generic placeholders #82

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
intel352 merged 4 commits into from
Mar 10, 2026
Merged

Replace realistic-looking DB credentials and hostnames with generic placeholders #82

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e3995eb
Initial plan
Copilot Mar 10, 2026
9165237
chore: initial plan to replace realistic-looking examples with generi…
Copilot Mar 10, 2026
7625f57
fix: replace realistic-looking connection strings and credentials wit…
Copilot Mar 10, 2026
3aa25da
Replace realistic-looking DB credentials and hostnames with generic p…
Copilot Mar 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion examples/advanced-logging/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ go 1.25
toolchain go1.25.0

require (
github.com/GoCodeAlone/modular v1.11.11
github.com/GoCodeAlone/modular v1.12.0
github.com/GoCodeAlone/modular/modules/chimux v1.1.0
github.com/GoCodeAlone/modular/modules/httpclient v0.1.0
github.com/GoCodeAlone/modular/modules/httpserver v0.1.1
Expand Down
2 changes: 1 addition & 1 deletion examples/feature-flag-proxy/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ go 1.25
toolchain go1.25.0

require (
github.com/GoCodeAlone/modular v1.11.11
github.com/GoCodeAlone/modular v1.12.0
github.com/GoCodeAlone/modular/modules/chimux v1.1.0
github.com/GoCodeAlone/modular/modules/httpserver v0.1.1
github.com/GoCodeAlone/modular/modules/reverseproxy v1.1.2
Expand Down
2 changes: 1 addition & 1 deletion examples/health-aware-reverse-proxy/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ go 1.25
toolchain go1.25.0

require (
github.com/GoCodeAlone/modular v1.11.11
github.com/GoCodeAlone/modular v1.12.0
github.com/GoCodeAlone/modular/modules/chimux v0.0.0-00010101000000-000000000000
github.com/GoCodeAlone/modular/modules/httpserver v0.0.0-00010101000000-000000000000
github.com/GoCodeAlone/modular/modules/reverseproxy v0.0.0-00010101000000-000000000000
Expand Down
2 changes: 1 addition & 1 deletion examples/http-client/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ go 1.25
toolchain go1.25.0

require (
github.com/GoCodeAlone/modular v1.11.11
github.com/GoCodeAlone/modular v1.12.0
github.com/GoCodeAlone/modular/modules/chimux v1.1.0
github.com/GoCodeAlone/modular/modules/httpclient v0.1.0
github.com/GoCodeAlone/modular/modules/httpserver v0.1.1
Expand Down
2 changes: 1 addition & 1 deletion examples/logmasker-example/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ module logmasker-example
go 1.25

require (
github.com/GoCodeAlone/modular v1.11.11
github.com/GoCodeAlone/modular v1.12.0
github.com/GoCodeAlone/modular/modules/logmasker v0.0.0
)

Expand Down
3 changes: 2 additions & 1 deletion examples/multi-engine-eventbus/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,14 @@ go 1.25
toolchain go1.25.0

require (
github.com/GoCodeAlone/modular v1.11.11
github.com/GoCodeAlone/modular v1.12.0
github.com/GoCodeAlone/modular/modules/eventbus v1.7.0
)

require (
github.com/BurntSushi/toml v1.6.0 // indirect
github.com/DataDog/datadog-go/v5 v5.4.0 // indirect
github.com/GoCodeAlone/modular/modules/eventbus/v2 v2.5.1 // indirect
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This adds an indirect dependency on github.com/GoCodeAlone/modular/modules/eventbus/v2 alongside the direct requirement on modules/eventbus v1.7.0. If this wasn’t intentional, run go mod tidy to drop the extra major-version module; if it is intentional, please document why v2 is needed in this example.

Suggested change
github.com/GoCodeAlone/modular/modules/eventbus/v2 v2.5.1 // indirect

Copilot uses AI. Check for mistakes.
github.com/IBM/sarama v1.45.2 // indirect
github.com/Microsoft/go-winio v0.5.0 // indirect
github.com/aws/aws-sdk-go-v2 v1.38.0 // indirect
Expand Down
2 changes: 2 additions & 0 deletions examples/multi-engine-eventbus/go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk
github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
github.com/DataDog/datadog-go/v5 v5.4.0 h1:Ea3eXUVwrVV28F/fo3Dr3aa+TL/Z7Xi6SUPKW8L99aI=
github.com/DataDog/datadog-go/v5 v5.4.0/go.mod h1:K9kcYBlxkcPP8tvvjZZKs/m1edNAUFzBbdpTUKfCsuw=
github.com/GoCodeAlone/modular/modules/eventbus/v2 v2.5.1 h1:GTSJh+QbPj7nuXoiiz53+DPxJ3xw7JPemzBuWg6vKS4=
github.com/GoCodeAlone/modular/modules/eventbus/v2 v2.5.1/go.mod h1:PvgkUxMg2RL/TjKevO3PBTy+RazZX5YXi8IK/Bz1qcw=
github.com/IBM/sarama v1.45.2 h1:8m8LcMCu3REcwpa7fCP6v2fuPuzVwXDAM2DOv3CBrKw=
github.com/IBM/sarama v1.45.2/go.mod h1:ppaoTcVdGv186/z6MEKsMm70A5fwJfRTpstI37kVn3Y=
github.com/Microsoft/go-winio v0.5.0 h1:Elr9Wn+sGKPlkaBvwu4mTrxtmOp3F3yV9qhaHbXGjwU=
Expand Down
3 changes: 2 additions & 1 deletion examples/nats-eventbus/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,14 @@ replace github.com/GoCodeAlone/modular => ../../
replace github.com/GoCodeAlone/modular/modules/eventbus => ../../modules/eventbus

require (
github.com/GoCodeAlone/modular v1.11.11
github.com/GoCodeAlone/modular v1.12.0
github.com/GoCodeAlone/modular/modules/eventbus v1.7.0
)

require (
github.com/BurntSushi/toml v1.6.0 // indirect
github.com/DataDog/datadog-go/v5 v5.4.0 // indirect
github.com/GoCodeAlone/modular/modules/eventbus/v2 v2.5.1 // indirect
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This adds an indirect dependency on github.com/GoCodeAlone/modular/modules/eventbus/v2 alongside the direct requirement on modules/eventbus v1.7.0. If this wasn’t intentional, run go mod tidy to drop the extra major-version module; if it is intentional, please add a short note in the PR description explaining why v2 is needed here to avoid confusion about mixed major versions.

Suggested change
github.com/GoCodeAlone/modular/modules/eventbus/v2 v2.5.1 // indirect

Copilot uses AI. Check for mistakes.
github.com/IBM/sarama v1.45.2 // indirect
github.com/Microsoft/go-winio v0.5.0 // indirect
github.com/aws/aws-sdk-go-v2 v1.38.0 // indirect
Expand Down
2 changes: 2 additions & 0 deletions examples/nats-eventbus/go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk
github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
github.com/DataDog/datadog-go/v5 v5.4.0 h1:Ea3eXUVwrVV28F/fo3Dr3aa+TL/Z7Xi6SUPKW8L99aI=
github.com/DataDog/datadog-go/v5 v5.4.0/go.mod h1:K9kcYBlxkcPP8tvvjZZKs/m1edNAUFzBbdpTUKfCsuw=
github.com/GoCodeAlone/modular/modules/eventbus/v2 v2.5.1 h1:GTSJh+QbPj7nuXoiiz53+DPxJ3xw7JPemzBuWg6vKS4=
github.com/GoCodeAlone/modular/modules/eventbus/v2 v2.5.1/go.mod h1:PvgkUxMg2RL/TjKevO3PBTy+RazZX5YXi8IK/Bz1qcw=
github.com/IBM/sarama v1.45.2 h1:8m8LcMCu3REcwpa7fCP6v2fuPuzVwXDAM2DOv3CBrKw=
github.com/IBM/sarama v1.45.2/go.mod h1:ppaoTcVdGv186/z6MEKsMm70A5fwJfRTpstI37kVn3Y=
github.com/Microsoft/go-winio v0.5.0 h1:Elr9Wn+sGKPlkaBvwu4mTrxtmOp3F3yV9qhaHbXGjwU=
Expand Down
2 changes: 1 addition & 1 deletion examples/observer-demo/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ replace github.com/GoCodeAlone/modular => ../..
replace github.com/GoCodeAlone/modular/modules/eventlogger => ../../modules/eventlogger

require (
github.com/GoCodeAlone/modular v1.11.11
github.com/GoCodeAlone/modular v1.12.0
github.com/GoCodeAlone/modular/modules/eventlogger v0.0.0-00010101000000-000000000000
github.com/cloudevents/sdk-go/v2 v2.16.2
)
Expand Down
2 changes: 1 addition & 1 deletion examples/observer-pattern/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ go 1.25
toolchain go1.25.0

require (
github.com/GoCodeAlone/modular v1.11.11
github.com/GoCodeAlone/modular v1.12.0
github.com/GoCodeAlone/modular/modules/eventlogger v0.0.0-00010101000000-000000000000
github.com/cloudevents/sdk-go/v2 v2.16.2
)
Expand Down
2 changes: 1 addition & 1 deletion examples/reverse-proxy/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ go 1.25
toolchain go1.25.0

require (
github.com/GoCodeAlone/modular v1.11.11
github.com/GoCodeAlone/modular v1.12.0
github.com/GoCodeAlone/modular/modules/chimux v1.1.0
github.com/GoCodeAlone/modular/modules/httpserver v0.1.1
github.com/GoCodeAlone/modular/modules/reverseproxy v1.1.0
Comment on lines 7 to 11
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These example go.mod bumps (v1.11.11 → v1.12.0) are unrelated to the PR’s stated goal (scrubbing realistic-looking DB credentials) and aren’t mentioned in the PR description. Please either remove these dependency/version changes from this PR, or update the PR description and ensure the version updates are intentional and consistent across all examples.

Copilot uses AI. Check for mistakes.
Expand Down
2 changes: 1 addition & 1 deletion examples/testing-scenarios/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ go 1.25
toolchain go1.25.0

require (
github.com/GoCodeAlone/modular v1.11.11
github.com/GoCodeAlone/modular v1.12.0
github.com/GoCodeAlone/modular/modules/chimux v0.0.0-00010101000000-000000000000
github.com/GoCodeAlone/modular/modules/httpserver v0.0.0-00010101000000-000000000000
github.com/GoCodeAlone/modular/modules/reverseproxy v0.0.0-00010101000000-000000000000
Expand Down
56 changes: 28 additions & 28 deletions modules/database/AWS_IAM_AUTH.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,9 @@ When AWS IAM authentication is enabled, **any password in the DSN is ignored and

```yaml
# All of these DSN formats work identically with IAM auth:
dsn: "postgresql://chimera_app:$TOKEN@host.rds.amazonaws.com:5432/mydb"
dsn: "postgresql://chimera_app:PLACEHOLDER@host.rds.amazonaws.com:5432/mydb"
dsn: "postgresql://chimera_app@host.rds.amazonaws.com:5432/mydb"
dsn: "postgresql://myapp_user:$TOKEN@host.rds.amazonaws.com:5432/mydb"
dsn: "postgresql://myapp_user:PLACEHOLDER@host.rds.amazonaws.com:5432/mydb"
dsn: "postgresql://myapp_user@host.rds.amazonaws.com:5432/mydb"
```

The password portion (`$TOKEN`, `PLACEHOLDER`, or empty) is completely ignored when IAM auth is enabled.
Expand All @@ -33,7 +33,7 @@ The database username is extracted from the DSN or can be explicitly specified:

```yaml
# Option 1: Username in DSN (extracted automatically)
dsn: "postgresql://chimera_app:$TOKEN@host.rds.amazonaws.com:5432/mydb"
dsn: "postgresql://myapp_user:$TOKEN@host.rds.amazonaws.com:5432/mydb"
aws_iam_auth:
enabled: true
region: us-east-1
Expand All @@ -43,7 +43,7 @@ dsn: "postgresql://ignored_user:$TOKEN@host.rds.amazonaws.com:5432/mydb"
aws_iam_auth:
enabled: true
region: us-east-1
db_user: chimera_app # This takes precedence
db_user: myapp_user # This takes precedence
```

### 3. Token Generation Flow
Expand All @@ -66,7 +66,7 @@ database:
writer:
driver: postgres
# DSN with $TOKEN placeholder - will be automatically stripped
dsn: "postgresql://chimera_app:$TOKEN@shared-chimera-dev-backend.cluster-xyz.us-east-1.rds.amazonaws.com:5432/chimera_backend?sslmode=require"
dsn: "postgresql://myapp_user:$TOKEN@mydb-instance.cluster-xyz.us-east-1.rds.amazonaws.com:5432/myappdb?sslmode=require"
max_open_connections: 25
max_idle_connections: 10
connection_max_lifetime: 1h
Expand All @@ -82,7 +82,7 @@ database:

```bash
export DB_WRITER_DRIVER=postgres
export DB_WRITER_DSN="postgresql://chimera_app:$TOKEN@host.rds.amazonaws.com:5432/mydb?sslmode=require"
export DB_WRITER_DSN="postgresql://myapp_user:$TOKEN@host.rds.amazonaws.com:5432/mydb?sslmode=require"
export DB_WRITER_AWS_IAM_AUTH_ENABLED=true
export DB_WRITER_AWS_IAM_AUTH_REGION=us-east-1
export DB_WRITER_MAX_OPEN_CONNECTIONS=25
Expand All @@ -102,15 +102,15 @@ Create a database user configured for IAM authentication:

**PostgreSQL:**
```sql
CREATE USER chimera_app WITH LOGIN;
GRANT rds_iam TO chimera_app;
GRANT ALL PRIVILEGES ON DATABASE chimera_backend TO chimera_app;
CREATE USER myapp_user WITH LOGIN;
GRANT rds_iam TO myapp_user;
GRANT ALL PRIVILEGES ON DATABASE myappdb TO myapp_user;
```

**MySQL:**
```sql
CREATE USER chimera_app IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';
GRANT ALL PRIVILEGES ON chimera_backend.* TO chimera_app@'%';
CREATE USER myapp_user IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';
GRANT ALL PRIVILEGES ON myappdb.* TO myapp_user@'%';
```

### 3. IAM Policy
Expand All @@ -125,7 +125,7 @@ The AWS principal (user/role) must have `rds-db:connect` permission:
"Effect": "Allow",
"Action": ["rds-db:connect"],
"Resource": [
"arn:aws:rds-db:us-east-1:123456789012:dbuser:cluster-XXXXX/chimera_app"
"arn:aws:rds-db:us-east-1:123456789012:dbuser:cluster-XXXXX/myapp_user"
]
}
]
Expand All @@ -135,7 +135,7 @@ The AWS principal (user/role) must have `rds-db:connect` permission:
**Finding your Resource ARN:**
- Format: `arn:aws:rds-db:REGION:ACCOUNT:dbuser:RESOURCE_ID/DB_USERNAME`
- Get RESOURCE_ID from RDS console (cluster identifier starts with `cluster-`)
- Example: `arn:aws:rds-db:us-east-1:123456789012:dbuser:cluster-ABC123DEF456/chimera_app`
- Example: `arn:aws:rds-db:us-east-1:123456789012:dbuser:cluster-ABC123DEF456/myapp_user`

### 4. AWS Credentials

Expand All @@ -155,7 +155,7 @@ database:
connections:
writer:
driver: postgres
dsn: "postgresql://myuser:MySecretPassword123@host.rds.amazonaws.com:5432/mydb"
dsn: "postgresql://myuser:MySecretP@ssword@host.rds.amazonaws.com:5432/mydb"
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The example DSN password MySecretP@ssword contains @, which breaks URL-style DSN parsing (the @ is the userinfo/host separator). Use a password without reserved URI characters here, or show it URL-encoded (e.g., %40) so the example DSN is syntactically valid.

Suggested change
dsn: "postgresql://myuser:MySecretP@ssword@host.rds.amazonaws.com:5432/mydb"
dsn: "postgresql://myuser:MySecretPassword@host.rds.amazonaws.com:5432/mydb"

Copilot uses AI. Check for mistakes.
```

### After (with IAM):
Expand All @@ -173,18 +173,18 @@ database:

**The password portion is completely ignored when IAM auth is enabled.**

## Your Specific Use Case
## Example Use Case

You mentioned passing the DSN as:
Here is a complete example DSN for an RDS Aurora PostgreSQL cluster:
```
postgresql://chimera_app:$TOKEN@shared-chimera-dev-backend.cluster-cbysgk6e0u2x.us-east-1.rds.amazonaws.com:5432/chimera_backend?sslmode=require
postgresql://myapp_user:$TOKEN@mydb-instance.cluster-abc123def456.us-east-1.rds.amazonaws.com:5432/myappdb?sslmode=require
```

**This is exactly the correct format!** Here's what happens:
**This is the correct format.** Here's what happens:

1. ✅ The module sees `aws_iam_auth.enabled: true`
2. ✅ The `$TOKEN` placeholder is automatically stripped from the DSN
3. ✅ The username `chimera_app` is extracted and used for IAM authentication
3. ✅ The username `myapp_user` is extracted and used for IAM authentication
4. ✅ AWS credentials are loaded from your environment
5. ✅ An RDS IAM token is generated automatically
6. ✅ The token is refreshed every ~15 minutes automatically
Expand Down Expand Up @@ -237,10 +237,10 @@ DEBUG Processing DSN for IAM authentication original_dsn_length=142
DEBUG Password stripped from DSN cleaned_dsn_length=128
INFO Extracted RDS endpoint endpoint=mydb.cluster-xyz.us-east-1.rds.amazonaws.com:5432
DEBUG Extracted database configuration database=mydb options_count=1
DEBUG Extracted username from DSN username=chimera_app
INFO IAM authentication will use database user username=chimera_app
DEBUG Extracted username from DSN username=myapp_user
INFO IAM authentication will use database user username=myapp_user
DEBUG Determined database driver configuration driver=pgx port=5432
INFO Creating AWS RDS credential store endpoint=mydb... region=us-east-1 username=chimera_app
INFO Creating AWS RDS credential store endpoint=mydb... region=us-east-1 username=myapp_user
DEBUG AWS RDS credential store created successfully
INFO Database connection with AWS IAM authentication configured successfully
DEBUG Testing database connection timeout=10s
Expand Down Expand Up @@ -353,17 +353,17 @@ You can test IAM authentication manually:
```bash
# Generate a token
TOKEN=$(aws rds generate-db-auth-token \
--hostname shared-chimera-dev-backend.cluster-xyz.us-east-1.rds.amazonaws.com \
--hostname mydb-instance.cluster-xyz.us-east-1.rds.amazonaws.com \
--port 5432 \
--username chimera_app \
--username myapp_user \
--region us-east-1)

# Connect using the token
PGPASSWORD=$TOKEN psql \
-h shared-chimera-dev-backend.cluster-xyz.us-east-1.rds.amazonaws.com \
-h mydb-instance.cluster-xyz.us-east-1.rds.amazonaws.com \
-p 5432 \
-U chimera_app \
-d chimera_backend
-U myapp_user \
-d myappdb
```

## Benefits of IAM Authentication
Expand Down
Loading