https://github.com/fillmore-labs/pgpasswd
Encrypted PostgreSQL Password
https://github.com/fillmore-labs/pgpasswd
postgresql scram-sha-256
Last synced: 5 months ago
JSON representation
Encrypted PostgreSQL Password
- Host: GitHub
- URL: https://github.com/fillmore-labs/pgpasswd
- Owner: fillmore-labs
- License: apache-2.0
- Created: 2023-08-10T10:40:40.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2026-01-13T23:10:49.000Z (6 months ago)
- Last Synced: 2026-01-14T01:28:05.870Z (6 months ago)
- Topics: postgresql, scram-sha-256
- Language: Go
- Homepage:
- Size: 42 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.adoc
- License: LICENSE
Awesome Lists containing this project
README
= Encrypted PostgreSQL Password
:Author: Oliver Eikemeier
:Email:
:Date: 2023-08
:Revision: v0.1
:toc: macro
image:https://badge.buildkite.com/070c600f14498cd3d708e16c2df30e390d948c7fa9cd1a3fed.svg?branch=main[title="Buildkite build status",link=https://buildkite.com/fillmore-labs/postgresql-password/]
toc::[]
== Purpose
.The PostgreSQL https://www.postgresql.org/docs/current/sql-createrole.html[documentation] of `+CREATE ROLE+` mentions:
[quote]
----
If the presented password string is already in MD5-encrypted or SCRAM-encrypted format, then it is stored as-is regardless of password_encryption (since the system cannot decrypt the specified encrypted password string, to encrypt it in a different format).
----
Which is not only useful during dump and restore, but also when initializing a new installation.
This is a simple tool to create SCRAM-SHA-256 encrypted passwords.
== Usage
[source,shell]
----
go run . user pass
----
outputs
```sql
CREATE ROLE "user" WITH
LOGIN
PASSWORD 'SCRAM-SHA-256$4096:...';
```
which can be fed directly into PostgreSQL.
== References
- https://www.rfc-editor.org/rfc/rfc7677[RFC 7677] SCRAM-SHA-256
- https://www.rfc-editor.org/rfc/rfc5802#section-3[RFC 5802] SCRAM Algorithm Overview