DEV Community: Nhat Bui The latest articles on DEV Community by Nhat Bui (@nhatbui). https://dev.to/nhatbui https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F932158%2F516a07b8-c6af-463e-ab60-07aa6b73fd45.png DEV Community: Nhat Bui https://dev.to/nhatbui en Creating a Role in Postgres Properly Nhat Bui Sun, 25 Sep 2022 13:10:51 +0000 https://dev.to/nhatbui/creating-a-role-in-postgres-properly-16ab https://dev.to/nhatbui/creating-a-role-in-postgres-properly-16ab <p>Here's how to create a role that can log in, but don't give it a password:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">ROLE</span> <span class="n">nhatbui</span> <span class="n">LOGIN</span><span class="p">;</span> </code></pre> </div> <p>And here is creating a role with a password that is valid until the end of 2022. After one second has ticked in 2023, the password is no longer valid:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">USER</span> <span class="n">nhatbui</span> <span class="k">WITH</span> <span class="n">PASSWORD</span> <span class="s1">'st@bl3nhAt'</span> <span class="k">VALID</span> <span class="k">UNTIL</span> <span class="s1">'2023-01-01'</span><span class="p">;</span> </code></pre> </div> <p>The syntax is fine. But what could possibly go wrong? Oh dear, your password will appear as plain text somewhere in the log file; it can be stolen in no easier way. To do it properly, we first create a role that can log in but don't give it a password:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">ROLE</span> <span class="n">nhatbui</span> <span class="n">LOGIN</span><span class="p">;</span> </code></pre> </div> <p>Once the role <code>nhatbui</code> is created, we can then give it a password with this command (psql):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="err">\</span><span class="n">password</span> <span class="n">nhatbui</span> </code></pre> </div> <p>The terminal now will ask you to type in the new password. Just like other passwords, it will be hidden in the terminal. So just type without wondering. Here's what mine displays:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">postgres</span><span class="o">=#</span> <span class="err">\</span><span class="n">password</span> <span class="n">nhatbui</span> <span class="n">Enter</span> <span class="k">new</span> <span class="n">password</span> <span class="k">for</span> <span class="k">user</span> <span class="nv">"nhatbui"</span><span class="p">:</span> <span class="n">Enter</span> <span class="n">it</span> <span class="n">again</span><span class="p">:</span> </code></pre> </div> <p>As far as I am aware, Postgres will hash the password before storing it, unless the supplied string is already hashed. So you don't have to hash it manually.</p> postgres database