Postgres: Release 12, default ubuntu install

Default install hardly had a chance to win. Why didn't you use IRIS default install?
For fair play, each DBMS should be best tuned by the appropriate specialist.

Robert,

Are you introducing an ability to play with additional IRIS configuration settings without restarting a container? If so, it sounds reasonable.

To address one of the security issues mentioned by Dmitry, why not hardcode a public key (or even several public keys) and disable SSH password authentication?

If I could explicitly set authentication method for various parts of our instance

Apparently you can do it for each part of your instance represented as a web application. Just look in System Management Portal (SMP): System > Security Management > Web Applications: all the /csp/sys/* stuff is nothing else but SMP's function groups starting pages.