My company is willing to share common QGIS3 configuration parameters between its users (ie. proxy configuration, WFS/WMS connections definitions, database connection definitions).
For doing this, the documentation explains how to use a global settings file (ie. a customized qgis_global_settings.ini file), which works perfectly fine. For the case of database connections (Postgis & Oracle in our case), I configured the connections this way:
[PostgreSQL]
connections\myconnection\service=
connections\myconnection\host=my_company_database_host
connections\myconnection\port=5432
connections\myconnection\database=my_database
connections\myconnection\username=xxxxxxx
connections\myconnection\password=yyyyyyyy
connections\myconnection\authcfg=
connections\myconnection\saveUsername=true
connections\myconnection\savePassword=true
(...)
This raises 2 problems:
- 'username' and 'password' are plaintext/unencrypted.
- for this to work, I had to switch 'saveUsername' and 'savePassword' to TRUE, because we want to avoid our users the burden of entering the credentials by themselves.
I believe that saveUsername and savePassword will save the credentials in any project file using this database connection. This is a problem if the project files are sent outside the company.
Another approach:
QGIS3 provides an authentication manager. It stores encrypted passwords fields, in a sqlite database file (qgis-auth.db). My understanding is that, in some way, this auth database can be linked with the above configuration file using the authcfg field.
Is there any way to use the qgis-auth.db in an organization environnement ?
For example,
- sharing a qgis-auth.db file on network
- using the Python API to fill a local qgis-auth.db with default credentials when deploying QGIS for the first time
