One obvious solution was to use .pgpass, but it does not appeal to me because it is again a security threat. Any pointers or help may lead to the unlocked secret.
.pgpass is the only way to do it that is NOT a security threat. You can set the PGUSER and PGPASSWORD environment variables, but they are easily readable from other processes.
I suggest allowing the 'postgres' user to connect with 'ident sameuser' in pg_hba.conf from localhost only, then always just run pg_dump as 'postgres'.
Chris
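The two approaches in the reply above, as an added example that is not part of the original thread and not Chris's code: a helper that writes a .pgpass file with the 0600 permissions libpq insists on (it silently ignores a .pgpass that is group- or world-readable) and escapes the ':' and '\' characters the format reserves, plus the pg_hba.conf line for the socket-only, no-password route. The host, database, role and password values are constructed for illustration. The thread's 'ident sameuser' spelling is the pre-9.1 form; since PostgreSQL 9.1 the same rule for Unix-socket connections is written 'peer', so the method is a parameter here.

```shell
#!/bin/sh
# Added example, not from the original thread. Shows a .pgpass file created
# the way libpq requires, and the pg_hba.conf entry for running pg_dump as
# the OS user "postgres" with no password at all.

# pgpass_escape STRING: libpq requires ':' and '\' inside a .pgpass field to
# be written as '\:' and '\\'. Reads one field, prints the escaped form.
pgpass_escape() {
    printf '%s\n' "$1" | sed 's/[\\:]/\\&/g'
}

# write_pgpass HOME_DIR HOST PORT DB USER PASSWORD
# Creates HOME_DIR/.pgpass (format host:port:db:user:password) with mode
# 0600. The umask in the subshell makes sure the file is never created with
# group/other bits, even for the instant before chmod runs. Prints the path.
write_pgpass() {
    dir="$1"; host="$2"; port="$3"; db="$4"; user="$5"; pass="$6"
    f="$dir/.pgpass"
    (
        umask 077
        printf '%s:%s:%s:%s:%s\n' \
            "$(pgpass_escape "$host")" "$port" \
            "$(pgpass_escape "$db")" "$(pgpass_escape "$user")" \
            "$(pgpass_escape "$pass")" > "$f"
    )
    chmod 0600 "$f"
    printf '%s\n' "$f"
}

# pgpass_mode FILE: prints the octal permission bits, GNU stat first, BSD
# stat as fallback. libpq rejects anything other than 0600 (or stricter).
pgpass_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# hba_local_ident_line [METHOD]: the pg_hba.conf entry that lets only the OS
# user matching the database role "postgres" connect, over the Unix socket
# only, so no password exists anywhere. METHOD defaults to "peer"; on a
# pre-9.1 server pass "ident sameuser" as in the reply above.
hba_local_ident_line() {
    # TYPE  DATABASE  USER      METHOD
    printf 'local   all       postgres  %s\n' "${1:-peer}"
}

# dump_as_postgres DB OUTFILE: run pg_dump as the postgres OS user so the
# local/peer rule applies. Only attempted when pg_dump is installed.
dump_as_postgres() {
    command -v pg_dump >/dev/null 2>&1 || { echo "pg_dump not installed" >&2; return 1; }
    su - postgres -c "pg_dump -Fc -- '$1'" > "$2"
}
```

Usage: `write_pgpass "$HOME" localhost 5432 mydb backup 's3cret'` and then plain `pg_dump mydb` as that user, or append `hba_local_ident_line >> /etc/postgresql/.../pg_hba.conf`, reload the server, and call `dump_as_postgres mydb /var/backups/mydb.dump` from root's cron. With the second route there is no secret on disk or in the environment for anyone to read.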