PostgreSQL
PostgreSQL Global Development Groupdatabase3 credentials
Database Role Password
postgresql / role-password
PostgreSQL supports password-based authentication methods including scram-sha-256 and md5. PostgreSQL documents managing role passwords with CREATE ROLE, ALTER ROLE, and psql \password, and stores password material for database users in the pg_authid system catalog.
Looks like
patternCREATE\s+ROLE\s+\S+\s+WITH\s+LOGIN\s+PASSWORD\s+'[^'\r\n]+'ALTER\s+ROLE\s+\S+\s+(?:WITH\s+)?PASSWORD\s+'[^'\r\n]+'Location
pg_authid.rolpasswordPostgreSQL system catalog storing SCRAM or MD5 password verifier material for roles
application config, .env files, connection strings, service files, and deployment manifests
PGPASSWORD, PGUSER, PGDATABASE, DATABASE_URL, POSTGRES_PASSWORDKubernetes Secrets, cloud secret managers, CI/CD variables, and password vault entries
application connection strings, migration scripts, tests, and accidentally committed configs
failed connection traces, ORM debug logs, and CI output
tcp/5432PostgreSQL client authentication endpoint governed by pg_hba.conf
Notes
There is no universal PostgreSQL default password. Packaged images or hosted services may generate or require per-install passwords; model those as distribution-specific credentials if documented.
libpq Password File Entry
postgresql / pgpass-file-entry
PostgreSQL libpq clients can read passwords from a password file instead of prompting interactively. PostgreSQL documents the password file as a client-side credential store used by libpq applications.
Looks like
pattern^[^:\r\n]*:[^:\r\n]*:[^:\r\n]*:[^:\r\n]*:[^\r\n]+$Location
~/.pgpass, %APPDATA%\postgresql\pgpass.conflibpq password file used by psql and many PostgreSQL clients
PGPASSFILEenvironment variable overriding the password file location
workstation credential stores and deployment secrets that materialize .pgpass files
accidentally committed .pgpass files, test fixtures, and container build contexts
debug output showing connection parameters or generated password files
Notes
A .pgpass entry can grant database access anywhere the referenced host, port, database, and user are reachable.
Trust Authentication Rule
postgresql / pg-hba-trust-auth
PostgreSQL pg_hba.conf can use the trust authentication method, which allows anyone who can connect to the server to log in as any matching PostgreSQL user without a password. PostgreSQL documents this as an unconditional login method for matching clients.
Looks like
pattern^(?:local|host)\s+\S+\s+\S+(?:\s+\S+\s+\S+)?\s+trust(?:\s|$)Location
pg_hba.confPostgreSQL host-based authentication configuration
container images, Helm charts, local dev configs, and committed database setup files
container images or VM images containing insecure pg_hba.conf rules
Notes
Trust rules are not credentials, but they create passwordless access for matching connection sources and database users.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.