Question posted in 
I have docker-compose.yaml file containing this data:
services:
db:
image: postgres
restart: always
environment:
POSTGRES_PASSWORD: p2ostgres1
ports:
- '6000:5432'
volumes:
- pgdata:/var/lib/postgresql/data
volumes:
pgdata:
after running docker-compose up and making some changes to the database, i can access that database again even if I change the password in the POSTGRES_PASSWORD: p2ostgres1 field. I can access the tables and the values inside ’em.
Is that okay? is that safe?
2
Answers
$ docker compose downordocker rm <id>$ docker compose upThe docker container should be removed
docker rm <id>ordocker compose downand then create new docker container to apply new passwordHow docker works, it pulls public image by default from hub.docker.com.
Now a container(i.e. running on your OS) is built on top of the base image
postgres, which isREAD-ONLYbut the running container has copy of the original image,READ-WRITEfile system and other configurations likemetadata,IPAddressetc.So, when new container is spinned with
docker compose upwithdocker-compose.ymlfile ordocker run, it creates a container, whoseIPAddressis permanent until the image is not removed bydocker compose downordocker rm <id>POSTGRES_PASSWORDis used only once, initially, to set your first password. If the database is already set up (you ran it and did some changes on it), the variable won’t be used for anything:If you want to change the password on an already initialised database, you can run an
alter rolequery as a part of the changes you’re applying to it:If you’re testing with connections from within the container, those will not be required to provide any password at all: by default
pg_hba.confwill be set up to trust localhost.