.pgpass File
The .pgpass authentication profile allows you to use PostgreSQL’s standard password file for authentication. This is the same file format used by psql and other PostgreSQL client tools, making it easy to share credentials across tools.
Key Benefits
Section titled “Key Benefits”- Standard Format: Uses the same
.pgpassfile aspsqland other PostgreSQL tools - Credential Sharing: Share passwords across multiple PostgreSQL client applications
- Pattern Matching: Wildcards allow flexible credential matching
- No Code Changes: Works with existing
.pgpassfiles without modification
File Format
Section titled “File Format”The .pgpass file contains one entry per line with colon-separated fields:
hostname:port:database:username:passwordFields
Section titled “Fields”| Field | Description |
|---|---|
hostname | Database server hostname or IP address |
port | Database port number |
database | Database name |
username | PostgreSQL username |
password | Password for this connection |
Wildcards
Section titled “Wildcards”Use * as a wildcard to match any value (except in the password field):
# Match any database on localhostlocalhost:5432:*:myuser:mypassword
# Match any host on port 5432*:5432:mydb:myuser:mypassword
# Match everything for a user*:*:*:admin:adminpasswordEscaping
Section titled “Escaping”To include a literal colon (:) or backslash (\) in a field value, escape it with a backslash:
hostname\:with\:colons:5432:mydb:user:passwordFile Locations
Section titled “File Locations”Default Locations
Section titled “Default Locations”| Platform | Default Path |
|---|---|
| macOS / Linux | ~/.pgpass |
| Windows | %APPDATA%\postgresql\pgpass.conf |
Environment Variable
Section titled “Environment Variable”Set the PGPASSFILE environment variable to use a custom location:
export PGPASSFILE=/path/to/custom/pgpassConfiguration Options
Section titled “Configuration Options”File Location
Section titled “File Location”Choose between:
- Default Location: Uses the standard
.pgpassfile path for your operating system - Custom Path: Specify a custom file path
Example .pgpass File
Section titled “Example .pgpass File”# Development serverslocalhost:5432:*:postgres:devpassworddev-server.example.com:5432:appdb:appuser:devpass123
# Production (read-only user)prod-db.example.com:5432:*:readonly:prodreadonly
# Staging with wildcard*.staging.example.com:5432:*:deploy:stagingpassMatching Rules
Section titled “Matching Rules”When connecting, DBCode searches the .pgpass file from top to bottom and uses the first matching entry. An entry matches if:
- Hostname matches (or entry has
*) - Port matches (or entry has
*) - Database matches (or entry has
*) - Username matches (or entry has
*)
Example Matching
Section titled “Example Matching”Given this .pgpass file:
localhost:5432:testdb:testuser:testpasslocalhost:5432:*:postgres:postgrespass*:*:*:admin:adminpass| Connection | Matched Entry | Password Used |
|---|---|---|
| localhost:5432/testdb as testuser | Line 1 | testpass |
| localhost:5432/proddb as postgres | Line 2 | postgrespass |
| anyhost:5432/anydb as admin | Line 3 | adminpass |
| localhost:5432/testdb as postgres | Line 2 | postgrespass |
Creating an Auth Profile
Section titled “Creating an Auth Profile”- Open the DBCode activity bar
- Navigate to the Authentication Profiles section
- Click the + (Create) icon
- Select .pgpass File as the type
- Choose the file location:
- Default Location for standard
.pgpasspath - Custom Path to specify a different file
- Default Location for standard
- Click Save
Using with PostgreSQL Connections
Section titled “Using with PostgreSQL Connections”- Create or edit a PostgreSQL connection
- In the Authentication section, select your pgpass profile
- Enter the username (password will be read from
.pgpass) - Save and connect
Supported Databases
Section titled “Supported Databases”The .pgpass authentication profile is available for:
- PostgreSQL
- Amazon Redshift (uses PostgreSQL protocol)
- CockroachDB
- Other PostgreSQL-compatible databases
Troubleshooting
Section titled “Troubleshooting””No matching entry found in .pgpass”
Section titled “”No matching entry found in .pgpass””Cause: No entry in the file matches the connection parameters.
Solutions:
- Verify the hostname, port, database, and username match an entry
- Check for typos in the
.pgpassfile - Add a wildcard entry as a fallback:
*:*:*:username:password - Remember: first match wins, so order matters
”Password file not found”
Section titled “”Password file not found””Cause: The .pgpass file doesn’t exist at the expected location.
Solutions:
- Create the file at the default location (
~/.pgpasson Unix) - Or use “Custom Path” and specify the correct location
- Check that the file path is correct and accessible
”Failed to read password file”
Section titled “”Failed to read password file””Cause: File permission or access issues.
Solutions:
- Ensure the file is readable by your user
- On Unix, file permissions should allow read access
- Check that the path doesn’t contain invalid characters
Hidden files not visible in file picker (macOS)
Section titled “Hidden files not visible in file picker (macOS)”Cause: macOS hides files starting with . by default.
Solution: Press Cmd+Shift+. in the file picker to show hidden files.
Security Considerations
Section titled “Security Considerations”- Store
.pgpassfiles with appropriate permissions - On Unix systems, PostgreSQL tools typically require
chmod 600 ~/.pgpass - Consider using a secret manager with Command authentication for production environments
- The
.pgpassfile stores passwords in plain text
Related Documentation
Section titled “Related Documentation”- Authentication Profiles Overview
- PostgreSQL Connection Guide
- Command Authentication (for secret manager integration)