David Hancock

Nov 16

Access to password-protected database without interactively supplying the password

Dunno why I never looked this up before. We’ve been using expect or pexpect (Python expect) to provide a password to our PostgreSQL database when we use psql from inside another program. This means that the password is in plain text in the Python module.

Today I learned about a much cleaner way: the ~/.pgpass file. The format is:

host:port:database:username:password

Permissions on the file need to be 600, so nobody but the owner can read it. This file is read by psql when it starts, and if there’s a match with the host, port, user, db you’re requesting, the password gets automatically supplied.
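To make the format and the permission rule concrete, here is an added example (not code from the original post) that writes a .pgpass-style file with mode 0600 and models the matching rules documented for libpq, the library psql uses: `*` matches any value in the first four fields, a literal `:` or `\` in a field is escaped with `\`, and the first matching line wins. The function names and sample values are assumptions made for illustration.

```python
import os
import re
import stat

def write_pgpass(path, entries):
    """Create the file as 0600 from the start, escaping ':' and '\\' in fields."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a file that already existed
    with os.fdopen(fd, "w") as f:
        for entry in entries:
            f.write(":".join(re.sub(r"([:\\])", r"\\\1", v) for v in entry) + "\n")

def perms_ok(path):
    """The file is ignored if group or others have any access to it."""
    return (stat.S_IMODE(os.stat(path).st_mode) & 0o077) == 0

def split_raw(line):
    """Split on ':' unless it is backslash-escaped; fields stay escaped."""
    fields, cur, i = [], "", 0
    while i < len(line):
        step = 2 if line[i] == "\\" and i + 1 < len(line) else 1
        if step == 1 and line[i] == ":":
            fields.append(cur)
            cur = ""
        else:
            cur += line[i:i + step]
        i += step
    return fields + [cur]

def lookup(path, host, port, database, username):
    """Return the password from the first matching line, or None."""
    if not perms_ok(path):
        return None
    wanted = (host, str(port), database, username)
    with open(path) as f:
        for line in f:
            line = line.rstrip("\n")
            raw = split_raw(line)
            if line.startswith("#") or len(raw) != 5:
                continue  # comment, blank or malformed line
            unescaped = [re.sub(r"\\(.)", r"\1", v) for v in raw]
            if all(r == "*" or u == w for r, u, w in zip(raw, unescaped, wanted)):
                return unescaped[4]
    return None

if __name__ == "__main__":  # constructed sample values, not real credentials
    write_pgpass("demo.pgpass", [("db.example.internal", "5432", "appdb", "app_user", "s3:cret")])
    print(lookup("demo.pgpass", "db.example.internal", 5432, "appdb", "app_user"))
```

Running `lookup` against the real ~/.pgpass before deploying shows which line a given host, port, database and user would select, and returns None when the file mode is too open for the file to be used.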