How to Change a Password in PostgreSQL

Galaxy Glossary

How do I change a PostgreSQL user password?

ALTER USER (or \password in psql) securely updates a PostgreSQL role’s login password.

When should I change a PostgreSQL password?

Rotate passwords after onboarding, role changes, suspected breaches, or policy-driven intervals. Short expiry cycles reduce risk.

Which methods exist?

Use SQL ALTER USER/ROLE inside any client, or run \password in the psql shell for interactive input.

What privileges are required?

Only a superuser or the role itself may change its password. Regular users cannot alter other accounts.

How do I change my own password?

psql -U alice -d ecommerce
\password

psql prompts for the new secret and stores it hashed (SCRAM-SHA-256 by default).

How do I change another role’s password?

ALTER USER app_user WITH PASSWORD 'Sup3rSecure!';

Run as postgres or another superuser. This immediately invalidates existing sessions unless password_encryption changes.

How do I enforce encryption?

Set password_encryption = 'scram-sha-256' in postgresql.conf before issuing ALTER USER. PostgreSQL then stores SCRAM hashes.

Can I script password rotation?

Yes. Combine psql -c "ALTER USER ..." with shell secret managers or CI pipelines. Always quote the password string.

Example in a deployment script

export NEW_PW=$(aws secretsmanager get-secret-value ...)
psql -d postgres -U postgres -c "ALTER USER app_user WITH PASSWORD '$NEW_PW';"

Best practices

Store secrets in a vault, rotate regularly, enforce least privilege, audit pg_authid, and use SCRAM over MD5.

What happens to existing connections?

Active sessions keep working until they reconnect. Plan rotations during low-traffic windows.

How do I verify the change?

Reconnect with the new credentials, or query SELECT rolname, rolpassword FROM pg_authid; as a superuser (hashed only).

Is rolling back possible?

No built-in rollback exists. Keep the previous secret in your vault until new connections succeed.

Related commands

ALTER ROLE is an alias for ALTER USER; CREATE USER sets an initial password; DROP USER removes the role.

How to Change a Password in PostgreSQL Example Usage


--Rotate the password for the application role used by the ecommerce site
ALTER USER app_user WITH PASSWORD 'Sup3rSecure!';

How to Change a Password in PostgreSQL Syntax


--Change own password (run as the user)
\password

--Change another role’s password (run as superuser)
ALTER USER role_name WITH [ENCRYPTED] PASSWORD 'new_password';
--optional parameters
-- ENCRYPTED | UNENCRYPTED      --force stored hash type (deprecated)
-- VALID UNTIL 'timestamp'      --set password expiry
-- IN ROLE role_name            --assign membership (rare for password change)

--E-commerce context
--App user owning tables Customers, Orders, Products, OrderItems
ALTER USER app_user WITH PASSWORD 'Sup3rSecure!';

Frequently Asked Questions (FAQs)

Does ALTER USER log the plaintext password?

No. The statement text appears in logs, but the password is masked if log_statement is not set to all. Avoid super-verbose logging.

Can I force users to reset their password?

Yes. Set VALID UNTIL to a past timestamp. Next login prompts for a new password if you require password policies externally.

What hash algorithm is used?

PostgreSQL 13+ defaults to SCRAM-SHA-256. Older clusters may still use MD5 until password_encryption is updated.
