patroni
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The patroni.yml configuration template contains hardcoded plaintext passwords for sensitive database roles.
- Evidence: User verifid_admin is configured with password 'admin_password' in the users section.
- Evidence: User replicator is configured with password 'repl_password' in both the users and authentication sections.
- [COMMAND_EXECUTION]: The configuration enables the execution of local shell scripts via Patroni callback hooks.
- Evidence: Configuration includes on_start, on_stop, and on_role_change callbacks that execute /scripts/notify.sh with various arguments.
Recommendations
- AI detected serious security threats
Audit Metadata