Hi,
Maybe I missed something, but if not, it would be great if there was a more secure way to expose credentials to pgbouncer_exporter. Since the connection string has to be set via `--pgBouncer.connectionString`, including the credentials, it is currently not easy to safely run it as a systemd service.
I've tried setting the password via `SetCredentialEncrypted` or passing it as a file using `LoadCredential`, both of which don't seem to work. This either passes a credential path into the connection string, which doesn't work, or it simply won't pass the Encrypted Credential into the connection string since it is enclosed with double quotes.
One way could be to load a config file instead of the connection string directly. With that, credentials could be stored on disk with proper permissions and without exposing the credentials at runtime to everyone.
Probably more work would be to add support for systemd credential handling, but just being able to pass a config file instead of the raw string would be enough IMO.
I'm aware of the option to use Docker where this would be possible, but I do not want to add Docker to our existing PostgreSQL cluster just for the sake of exporting pgbouncer metrics.
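
One way the file-based loading requested above could be written so that it also works with systemd's `LoadCredential=` and `SetCredentialEncrypted=`, as an added example that is not pgbouncer_exporter's code. The function names and the credential name `pgbouncer-dsn` are hypothetical; `CREDENTIALS_DIRECTORY` is the environment variable systemd sets for a service that has credentials configured.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// Hypothetical helper (not pgbouncer_exporter code): maps a credential name into $CREDENTIALS_DIRECTORY.
func resolveSecretPath(nameOrPath string) (string, error) {
	if filepath.IsAbs(nameOrPath) {
		return nameOrPath, nil // explicit config file path, used as given
	}
	dir := os.Getenv("CREDENTIALS_DIRECTORY")
	if dir == "" {
		return "", errors.New("CREDENTIALS_DIRECTORY is not set; pass an absolute path")
	}
	return filepath.Join(dir, filepath.Base(nameOrPath)), nil // Base blocks "../" escapes
}

// loadConnString reads the connection string from a file, rejecting group/other-accessible files.
func loadConnString(nameOrPath string) (string, error) {
	path, err := resolveSecretPath(nameOrPath)
	if err != nil {
		return "", err
	}
	f, err := os.Open(path)
	if err != nil {
		return "", err
	}
	defer f.Close()
	// Stat the open handle, not the path, so the check applies to the bytes we read.
	info, err := f.Stat()
	if err != nil || !info.Mode().IsRegular() || info.Mode().Perm()&0o077 != 0 {
		return "", fmt.Errorf("%s: must be a regular file with no group/other access", path)
	}
	data, err := io.ReadAll(f)
	s := strings.TrimSpace(string(data))
	if err != nil || s == "" {
		return "", errors.New("connection string file is unreadable or empty")
	}
	return s, nil
}

func main() {
	dsn, err := loadConnString("pgbouncer-dsn")
	fmt.Println("loaded:", err == nil, "bytes:", len(dsn)) // never print the value itself
}
```

Because the value is read from a file inside the process, it never appears in the unit file's `ExecStart=` line or in the process argument list.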