pg_password — change user password
pg_password [option...]
pg_password is a utility for changing the user password without intermittent authentication failures.
Intermittent authentication failures can occur if a new password is already set in the database but not yet in the application's configuration file or vice versa. pg_password lets the administrator set the next password in the database without deleting the existing one, so that both passwords can be used for authentication temporarily. Once all the clients are aware of the new password, the administrator should use pg_password again to replace the existing password with the new one, so that authentication using the old password does not work anymore.
-d dbname--dbname=dbname #The name of the database to connect to.
-h host--host=host #Host name of the machine on which the server is running. If the value begins with a slash, it is used as the directory for the Unix domain socket.
-p port--port=port #TCP port or the local Unix-domain socket file extension on which the server is listening for connections.
-U username--username=username #
Name of the user whose password should be changed. The user must have
the LOGIN attribute.
-s password--set-next-password=password #Prepare for password rotation.
When this option is passed, pg_password prompts the user for a password that should replace the current password, and stores it (encrypted) in the database. Once this step is completed, the new password can be used for authentication. The original password can be used as well, until the actual rotation is performed.
-r--rotate-passwords #Perform password rotation.
When this option is passed, pg_password
replaces the existing password with the password that was set previously
using the --set-next-password option. Only the latter
can now be used for authentication.
-?--help #Show help about pg_password command line arguments, and exit.