ALTER USER (or \password in psql) securely updates a PostgreSQL role’s login password.
Rotate passwords after onboarding, role changes, suspected breaches, or policy-driven intervals. Short expiry cycles reduce risk.
Use SQL ALTER USER/ROLE inside any client, or run \password in the psql shell for interactive input.
Only a superuser or the role itself may change its password. Regular users cannot alter other accounts.
psql -U alice -d ecommerce
\password
psql prompts for the new secret and stores it hashed (SCRAM-SHA-256 by default).
ALTER USER app_user WITH PASSWORD 'Sup3rSecure!';
Run as postgres or another superuser. This immediately invalidates existing sessions unless password_encryption changes.
Set password_encryption = 'scram-sha-256' in postgresql.conf before issuing ALTER USER. PostgreSQL then stores SCRAM hashes.
Yes. Combine psql -c "ALTER USER ..." with shell secret managers or CI pipelines. Always quote the password string.
export NEW_PW=$(aws secretsmanager get-secret-value ...)
psql -d postgres -U postgres -c "ALTER USER app_user WITH PASSWORD '$NEW_PW';"
Store secrets in a vault, rotate regularly, enforce least privilege, audit pg_authid, and use SCRAM over MD5.
Active sessions keep working until they reconnect. Plan rotations during low-traffic windows.
Reconnect with the new credentials, or query SELECT rolname, rolpassword FROM pg_authid; as a superuser (hashed only).
No built-in rollback exists. Keep the previous secret in your vault until new connections succeed.
ALTER ROLE is an alias for ALTER USER; CREATE USER sets an initial password; DROP USER removes the role.
No. The statement text appears in logs, but the password is masked if log_statement is not set to all. Avoid super-verbose logging.
Yes. Set VALID UNTIL to a past timestamp. The next login prompts for a new password if you require PASSWORD policies externally.
PostgreSQL 13+ defaults to SCRAM-SHA-256. Older clusters may still use MD5 until password_encryption is updated.