Vipin Madhusoodanan <vipin.madhusoodanan@xxxxxxxxx> writes: > Hi Team, > > We have a security requirement to encrypt passwords in .pgpass file. Could you please advise on the options and steps to be followed to achieve this. > Basically, don't use .pgpass. I think .pgpass should be viewed as old legacy solution which is not terribly compatible with today's security requirements. I don't think there is support for encrypting the .pgpass file. Even if you could encrypt the .pgpass file, you would then need to decrypt it with a passpharase anyway (you could have a key which has no passpharase, but if that is on the same system, what have you achieved apart from a false sense of security). How to best solve your requirement depends on the specifics of your requirement. However, often you can implement something more secure by using environment variables which are set for the process the psql (or whatever) command executes in. The value for the variable can be obtained from a secure source, such as a keyring, ldap server, gpg encrypted file etc.
