
Specifying superuser PostgreSQL password for a Docker Container

When running a PostgreSQL database in a Docker container, the documentation for the official PostgreSQL Docker Image specifies that the administrator password should be set in an environmental variable like:

docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -d postgres

For those that do not want to hard-code a plain-text password in their scripts, are there more secure options to consider?

Joseph Idziorek asked Dec 22 '15 00:12




1 Answer

Injecting configuration settings as environment variables is the approach to application configuration recommended by the 12 factor app website.

  • http://12factor.net/config

Alternatively you could create your own container that reads its configuration from a custom configuration file:

docker run -d mydockerapp --config mydevconfig.yaml

But really the use of environment variables has the edge in terms of flexibility because it is ubiquitous across all platforms. To make environment variables more palatable you could specify them within a file. This at least will ensure a malicious user on the same machine could not glean credentials from a process listing:

$ cat env.db 
POSTGRES_DB=myappdb
POSTGRES_USER=admin
POSTGRES_PASSWORD=pleasechangeme

$ docker run --name postgres --env-file=env.db -d postgres

Finally, I discovered that there are a number of outstanding feature requests for better secret support by docker:

  • https://github.com/docker/docker/issues/13490

In my experience convenience has a habit of trumping security, so I imagine it will take time for an acceptable solution to gain sufficient mind-share. Personally I foresee a solution emerging that emulates what the Kubernetes project is doing with encrypted data volumes:

  • https://kubernetes.io/docs/concepts/configuration/secret/
Mark O'Connor answered Oct 12 '22 22:10

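The env-file approach from the answer only helps if the file itself is protected. The following is an added example, not part of the original answer or of Docker: it writes env.db with owner-only permissions and a generated password instead of a hand-typed one. The helper names write_env_file and file_mode are hypothetical.

```shell
#!/bin/sh
# Added example: build the env file used by `docker run --env-file=env.db`
# so that the password is never typed on a command line and the file is
# readable only by its owner.

# write_env_file PATH DB USER   (hypothetical helper)
write_env_file() {
    env_path=$1 db=$2 user=$3

    # 24 random bytes, hex-encoded. Hex avoids quoting problems, because
    # --env-file takes everything after '=' literally.
    password=$(od -An -N24 -tx1 /dev/urandom | tr -d ' \n')
    [ "${#password}" -eq 48 ] || return 1

    # Subshell keeps the caller's umask and shell options untouched.
    (
        umask 077    # new file is created with mode 600
        set -C       # noclobber: refuse to write through a pre-existing file
        rm -f "$env_path"
        printf 'POSTGRES_DB=%s\nPOSTGRES_USER=%s\nPOSTGRES_PASSWORD=%s\n' \
            "$db" "$user" "$password" > "$env_path"
    )
}

# file_mode PATH -> octal permission bits (GNU stat first, BSD stat second)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Usage, with the docker command taken from the answer above:
#   write_env_file env.db myappdb admin
#   docker run --name postgres --env-file=env.db -d postgres
```

The file keeps the password out of the host's process listing, but the value is still stored in the container's configuration, so anyone allowed to run `docker inspect` on the container can read it.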