33.15. The Password File
The file
.pgpass
in a user's home directory can
contain passwords to
be used if the connection requires a password (and no password has been
specified otherwise). On Microsoft Windows the file is named
%APPDATA%\postgresql\pgpass.conf
(where
%APPDATA%
refers to the Application Data subdirectory in
the user's profile).
Alternatively, a password file can be specified
using the connection parameter
passfile
or the environment variable
PGPASSFILE
.
This file should contain lines of the following format:
hostname
:port
:database
:username
:password
(You can add a reminder comment to the file by copying the line above and
preceding it with
#
.)
Each of the first four fields can be a literal value, or
*
, which matches anything. The password field from
the first line that matches the current connection parameters will be
used. (Therefore, put more-specific entries first when you are using
wildcards.) If an entry needs to contain
:
or
\
, escape this character with
\
.
A host name of
localhost
matches both TCP (host name
localhost
) and Unix domain socket (
pghost
empty
or the default socket directory) connections coming from the local
machine. In a standby server, a database name of
replication
matches streaming replication connections made to the master server.
The
database
field is of limited usefulness because
users have the same password for all databases in the same cluster.
On Unix systems, the permissions on a password file must
disallow any access to world or group; achieve this by a command such as
chmod 0600 ~/.pgpass
. If the permissions are less
strict than this, the file will be ignored. On Microsoft Windows, it
is assumed that the file is stored in a directory that is secure, so
no special permissions check is made.