Restore a PostgreSQL database without setting the password in the environment

Question

I need to make a script in python that calls pg_restore to restore a database. So far I use a batch file that sets true password in PGPASSWORD and after the restore it sets garbage in the var.

My problem is that I have to create a environment variable with SET PGPASSWORD='password' but I can't expose the password in the environment because if there is an error in the restore, PGPASSWORD will have the true password.

Is there a way to send the restore command with the password, like one can do with firebird?

Using Windows XP/7/8 with PostgreSQL 9.x.

score 2 · Answer 1 · edited May 23 '17 at 12:09

2

I suggest to use a .pgpass file.

On Microsoft Windows the file is named %APPDATA%\postgresql\pgpass.conf (where %APPDATA% refers to the Application Data subdirectory in the user's profile)

You could set an environment variable, but you are right in trying to avoid that. It's discouraged in the manual:

PGPASSWORD behaves the same as the password connection parameter. Use of this environment variable is not recommended for security reasons, as some operating systems allow non-root users to see process environment variables via ps; instead consider using the ~/.pgpass file

More about access without password:
Run batch file with psql command without password

edited May 23 '17 at 12:09

Community

1
1

answered Apr 09 '14 at 22:07

Erwin Brandstetter

539,169
125
977
1,137

Erwin, good point re `PGPASSWORD` in your comment; might be worth adding here. – Craig Ringer Apr 10 '14 at 02:34
@CraigRinger: The quote is in the earlier answer I linked to. But following your advice I added it here, too. – Erwin Brandstetter Apr 10 '14 at 02:40

Restore a PostgreSQL database without setting the password in the environment

1 Answers1