.pgpass File
Authenticate PostgreSQL connections using the standard .pgpass password file.
The .pgpass authentication profile allows you to use PostgreSQL’s standard password file for authentication. This is the same file format used by psql and other PostgreSQL client tools, making it easy to share credentials across tools.
Key Benefits
- Standard Format: Uses the same
.pgpassfile aspsqland other PostgreSQL tools - Credential Sharing: Share passwords across multiple PostgreSQL client applications
- Pattern Matching: Wildcards allow flexible credential matching
- No Code Changes: Works with existing
.pgpassfiles without modification
File Format
The .pgpass file contains one entry per line with colon-separated fields:
hostname:port:database:username:passwordFields
| Field | Description |
|---|---|
hostname | Database server hostname or IP address |
port | Database port number |
database | Database name |
username | PostgreSQL username |
password | Password for this connection |
Wildcards
Use * as a wildcard to match any value (except in the password field):
# Match any database on localhostlocalhost:5432:*:myuser:mypassword
# Match any host on port 5432*:5432:mydb:myuser:mypassword
# Match everything for a user*:*:*:admin:adminpasswordEscaping
To include a literal colon (:) or backslash (\) in a field value, escape it with a backslash:
hostname\:with\:colons:5432:mydb:user:passwordFile Locations
Default Locations
| Platform | Default Path |
|---|---|
| macOS / Linux | ~/.pgpass |
| Windows | %APPDATA%\postgresql\pgpass.conf |
Environment Variable
Set the PGPASSFILE environment variable to use a custom location:
export PGPASSFILE=/path/to/custom/pgpassConfiguration Options
File Location
Choose between:
- Default Location: Uses the standard
.pgpassfile path for your operating system - Custom Path: Specify a custom file path
Example .pgpass File
# Development serverslocalhost:5432:*:postgres:devpassworddev-server.example.com:5432:appdb:appuser:devpass123
# Production (read-only user)prod-db.example.com:5432:*:readonly:prodreadonly
# Staging with wildcard*.staging.example.com:5432:*:deploy:stagingpassMatching Rules
When connecting, DBCode searches the .pgpass file from top to bottom and uses the first matching entry. An entry matches if:
- Hostname matches (or entry has
*) - Port matches (or entry has
*) - Database matches (or entry has
*) - Username matches (or entry has
*)
Example Matching
Given this .pgpass file:
localhost:5432:testdb:testuser:testpasslocalhost:5432:*:postgres:postgrespass*:*:*:admin:adminpass| Connection | Matched Entry | Password Used |
|---|---|---|
| localhost:5432/testdb as testuser | Line 1 | testpass |
| localhost:5432/proddb as postgres | Line 2 | postgrespass |
| anyhost:5432/anydb as admin | Line 3 | adminpass |
| localhost:5432/testdb as postgres | Line 2 | postgrespass |
Creating an Auth Profile
- Open the DBCode activity bar
- Navigate to the Authentication Profiles section
- Click the + (Create) icon
- Select .pgpass File as the type
- Choose the file location:
- Default Location for standard
.pgpasspath - Custom Path to specify a different file
- Default Location for standard
- Click Save
Using with PostgreSQL Connections
- Create or edit a PostgreSQL connection
- In the Authentication section, select your pgpass profile
- Enter the username (password will be read from
.pgpass) - Save and connect
Supported Databases
The .pgpass authentication profile is available for:
- PostgreSQL
- Amazon Redshift (uses PostgreSQL protocol)
- CockroachDB
- Other PostgreSQL-compatible databases
Troubleshooting
”No matching entry found in .pgpass”
Cause: No entry in the file matches the connection parameters.
Solutions:
- Verify the hostname, port, database, and username match an entry
- Check for typos in the
.pgpassfile - Add a wildcard entry as a fallback:
*:*:*:username:password - Remember: first match wins, so order matters
”Password file not found”
Cause: The .pgpass file doesn’t exist at the expected location.
Solutions:
- Create the file at the default location (
~/.pgpasson Unix) - Or use “Custom Path” and specify the correct location
- Check that the file path is correct and accessible
”Failed to read password file”
Cause: File permission or access issues.
Solutions:
- Ensure the file is readable by your user
- On Unix, file permissions should allow read access
- Check that the path doesn’t contain invalid characters
Hidden files not visible in file picker (macOS)
Cause: macOS hides files starting with . by default.
Solution: Press Cmd+Shift+. in the file picker to show hidden files.
Security Considerations
- Store
.pgpassfiles with appropriate permissions - On Unix systems, PostgreSQL tools typically require
chmod 600 ~/.pgpass - Consider using a secret manager with Command authentication for production environments
- The
.pgpassfile stores passwords in plain text
Related Documentation
- Authentication Profiles Overview
- PostgreSQL Connection Guide
- Command Authentication (for secret manager integration)