Fork me on GitHub

Quick Links


Download


FAQ


Latest Docs


Get Help


Screenshots

This page in other versions: Latest (8.5) | 8.4 | 8.3 | 7.8 | 6.21 | Development

Navigation

Warning: This documentation is for a pre-release version of pgAdmin 4

Contents

Master Password

Note

pgAdmin 4 uses the operating system password store by default to store the saved server passwords in desktop mode from version 7.2 onwards and Master password will not be required. If the operating system password store is not available then pgAdmin 4 will continue to use a master password as per the configuration settings.

A master password is required to secure and later unlock the saved server passwords. This is applicable for desktop mode and in server mode if authentication source contains OAuth2 or Kerberos or Webserver.

  • You are prompted to enter the master password when you open the window for the first time after starting the application.

  • Once you set the master password, all the existing saved passwords will be re-encrypted using the master password.

  • The server passwords which are saved in the SQLite DB file or External Database are encrypted and decrypted using the master password.

Set master password

Note

pgAdmin aims to be secure by default, however, you can disable the master password by setting the configuration parameter MASTER_PASSWORD_REQUIRED=False. See The config.py File for more information on configuration parameters and how they can be changed or enforced across an organisation.

Note

If the master password is disabled, then all the saved passwords will be removed.

Warning

If the master password is disabled, then the saved passwords will be encrypted using a key which is derived from information within the configuration database. Use of a master password ensures that the encryption key does not need to be stored anywhere, and thus prevents possible access to server credentials if the configuration database becomes available to an attacker.

It is strongly recommended that you use the master password if you use the Save Password option.

  • The master password is not stored anywhere on the physical storage. It is temporarily stored in the application memory and it does not get saved when the application is restarted.

  • You are prompted to enter the master password when pgAdmin server is restarted.

Enter master password

  • If you forget the master password, you can use the Reset Master Password button to reset the password.

Reset master password

Warning

Resetting the master password will also remove all saved passwords and close all existing established connections.