
feat: PAM scaffolding + Postgres PAM access#24

Merged
sheensantoscapadngan merged 9 commits into main from feat/pam-setup-and-progress
Oct 6, 2025

Conversation


@sheensantoscapadngan sheensantoscapadngan commented Oct 3, 2025

Description 📣

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

Tests 🛠️

# Here's some code block to paste some code snippets


@greptile-apps greptile-apps bot left a comment


Greptile Overview

Summary

This PR introduces comprehensive PAM (Privileged Access Management) scaffolding to the Infisical CLI, specifically focusing on PostgreSQL database access management. The implementation adds a complete end-to-end PAM system that enables users to request time-limited database access through secure proxy connections without exposing permanent credentials.

The changes include:

Core PAM Infrastructure: New API models and endpoints for PAM access requests, session management, credential retrieval, and audit logging. The API layer (packages/api/) now supports PAM operations including session creation, credential injection, and termination.

PostgreSQL Integration: Addition of the github.com/jackc/pgx/v5 PostgreSQL driver to enable database connectivity. A comprehensive PostgreSQL proxy handler (packages/pam/handlers/postgres.go) intercepts database connections, injects managed credentials during authentication, and logs all SQL operations for auditing.

Session Management: New session handling components provide encrypted logging (packages/pam/session/logger.go), credential caching with TTL (packages/pam/session/credentials.go), and automated session cleanup (packages/pam/session/uploader.go). Sessions are recorded in encrypted files and uploaded to the backend for compliance.

Local Proxy Server: The CLI now includes a local database proxy (packages/pam/local-database-proxy.go) that creates secure tunnels through the existing relay/gateway infrastructure. Users connect to localhost while the proxy handles authentication, credential injection, and forwarding to target databases.

CLI Interface: New command structure (infisical pam db access-account) allows users to request database access with configurable session durations. The gateway components have been extended to handle PAM traffic routing and session recording configuration.

Security Architecture: The system uses mTLS authentication, ALPN protocol negotiation, AES-GCM encryption for session data, and certificate-based routing. Session information is embedded in client certificates and validated throughout the connection chain.

This implementation integrates seamlessly with Infisical's existing infrastructure, leveraging the current gateway/relay architecture while adding specialized PAM capabilities for privileged resource access.

Important Files Changed

Changed Files
Filename Score Overview
packages/api/model.go 5/5 Adds well-structured PAM API models for access requests, session credentials, and log uploading
go.mod 5/5 Adds PostgreSQL driver dependency and updates Go standard library packages
packages/pam/session/constants.go 5/5 Introduces clean environment variable constant for PAM session recording path
packages/pam/session/encryption.go 3/5 Implements AES-GCM encryption utilities with security concerns around nonce generation
packages/cmd/gateway.go 5/5 Adds configurable PAM session recording path flag to gateway command
packages/api/api.go 4/5 Introduces 5 new PAM API functions following established patterns
packages/pam/session/logger.go 4/5 Implements thread-safe encrypted session logging with concurrent access management
packages/gateway-v2/gateway.go 4/5 Adds PAM routing modes and session handling to existing gateway infrastructure
packages/pam/session/uploader.go 2/5 Implements session log uploading with regex-based parsing and potential security issues
packages/pam/handlers/postgres.go 2/5 PostgreSQL proxy with SQL injection risks in parameter substitution logic
go.sum 5/5 Standard dependency checksums for new PostgreSQL driver components
packages/gateway-v2/constants.go 5/5 Adds PAM session recording environment variable constant
packages/cmd/pam.go 4/5 Clean CLI command structure for PAM database access with proper validation
packages/pam/local-database-proxy.go 4/5 Comprehensive local proxy server with TLS security and connection management
packages/pam/pam-proxy.go 2/5 PAM proxy implementation with critical security concerns including credential logging
packages/pam/session/credentials.go 2/5 Credential caching system with thread-safety issues and global state concerns

Confidence score: 2/5

  • This PR introduces significant security-critical functionality but contains multiple high-risk issues that could compromise system security
  • Score lowered due to SQL injection vulnerabilities, insecure credential handling, potential timing attacks, and thread-safety concerns in sensitive areas
  • Pay close attention to packages/pam/handlers/postgres.go, packages/pam/pam-proxy.go, packages/pam/session/credentials.go, and packages/pam/session/uploader.go which contain critical security flaws

Context used:

Rule from dashboard - # Greptile Code Review Prompt: OR Query Safety Check (knex.js)

Objective

Flag database queries t... (source)

16 files reviewed, 25 comments

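The AES-GCM session-log sealing the review above describes, as an added example that is not code from this PR or from Infisical: it assumes a hypothetical SessionLogCipher type, draws a fresh random nonce for every record and binds the session ID as associated data, which is the nonce discipline the 3/5 score on packages/pam/session/encryption.go is pointing at.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)
// SessionLogCipher seals individual session-log records with AES-256-GCM.
// Hypothetical type for this example; it is not the PR's encryption.go.
type SessionLogCipher struct{ aead cipher.AEAD }
// NewSessionLogCipher takes a 32-byte key, for example one generated per recording session.
func NewSessionLogCipher(key []byte) (*SessionLogCipher, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &SessionLogCipher{aead: aead}, nil
}

// Seal draws a fresh random 96-bit nonce per record and prepends it to the output; a nonce
// repeated under the same key breaks GCM, so it must never come from a counter that can restart.
// The session ID is bound as associated data, so a record cannot be replayed into another session.
func (c *SessionLogCipher) Seal(sessionID string, record []byte) ([]byte, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.aead.Seal(nonce, nonce, record, []byte(sessionID)), nil
}
// Open reverses Seal; it fails on a tampered record or a session ID mismatch.
func (c *SessionLogCipher) Open(sessionID string, sealed []byte) ([]byte, error) {
	ns := c.aead.NonceSize()
	if len(sealed) < ns+c.aead.Overhead() {
		return nil, errors.New("sealed record too short")
	}
	return c.aead.Open(nil, sealed[:ns], sealed[ns:], []byte(sessionID))
}
func main() {
	key := make([]byte, 32)
	rand.Read(key) // demo only; handle the error in real code
	c, _ := NewSessionLogCipher(key)
	sealed, _ := c.Seal("sess-1", []byte("SELECT 1")) // constructed sample record
	fmt.Printf("%d plaintext bytes became %d sealed bytes\n", 8, len(sealed))
}
```

The same key must not be reused across sessions indefinitely; a per-session key keeps the nonce space per key small and bounds what a leaked key exposes.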


@akhilmhdh akhilmhdh left a comment


Just putting it here, since we upload it as a JSON file.

Some things to do: first, the server should limit the number of rows allowed or the total bytes allowed in one session. I see no validation on the server side of things.

Second, this is a reminder that when switching to object storage we need some integrity check in place, and any remote execution prevention checks as well.

@sheensantoscapadngan sheensantoscapadngan merged commit 532fcc3 into main Oct 6, 2025
2 checks passed