More Secure Method to Avoid Typing Your Password in YSQL

The YugabyteDB SQL shell ysqlsh provides a CLI for interacting with YugabyteDB using YSQL.

There is not a flag available on the command line to specify a password for a user, so you’ll have to enter the password when prompted.

We learned in a previous tip that we can set the Linux environment variable PGPASSWORD to avoid having to type the password.

A safer solution is to create a ~/.pgpass file for the user.

This file should contain a line of the following format:

  • hostname:port:database:username:password

Example:

				
					[josh@ip-10-38-2-166 bin]$ echo *:*:*:*:password > ~/.pgpass

[josh@ip-10-38-2-166 bin]$ chmod 0600 ~/.pgpass

[josh@ip-10-38-2-166 bin]$ ./ysqlsh -h 10.38.2.166 -U josh
ysqlsh (11.2-YB-2.16.0.1-b0)
Type "help" for help.

yugabyte=>
				
			

In the example I used a asterisk for the hostname, port, database and username. To be more secure, you should specify exact values.

Have Fun!

Even when it's raining, the sun is still out in Florida!