QGIS » QGIS Application

QGIS Server is missing authentication system support (add it), also when launching there is no means of defining the authentication system master password.

Approach to a fix for master password setting:

Add support for passing the master password as an environment variable to a password file, like is done with Postgres and other setups. For example, an env var like QGIS_AUTH_PASSWORD_PATH could be set to a filepath. In QgsAuthManager::instance()->init() the variable could be read, password loaded, then the variable unset in the env. This would also make a great way to allow using Desktop without having to enter your master password every session.

Similarly, the master password could be in an OS's keychain or keyring and be auto-input in the background on launch if that user's OS key cache is unlocked. See Matthias's suggestion for that.

Currently, the master password auto-set can be set via Python, or by way of a custom C++ plugin, on launch setups using a call to QgsAuthManager::instance()->setMasterPassword( "mypassword", true ). However, I think many of the Python bindings should be blocked for the initial release. So, setting an env variable to a password file path seems like a good start, especially for QGIS Server.

Note: for Server, you can already use QGIS_AUTH_DB_DIR_PATH to set the path to a qgis-auth.db dir on the server.