
I have a docker-compose.yaml file containing this data:

services:
  db:
    image: postgres
    restart: always
    environment: 
      POSTGRES_PASSWORD: p2ostgres1
    ports:
      - '6000:5432'
    volumes:
      - pgdata:/var/lib/postgresql/data

volumes:
  pgdata:

After running docker-compose up and making some changes to the database, I can access that database again even if I change the password in the POSTGRES_PASSWORD: p2ostgres1 field. I can access the tables and the values inside ’em.

Is that okay? Is that safe?

2 Answers


    1. [remove] $ docker compose down or docker rm <id>
    2. [create new container] $ docker compose up

    The docker container should be removed with docker rm <id> or docker compose down, and then a new docker container created to apply the new password.

    How docker works: it pulls the public image by default from hub.docker.com.

    Now a container (i.e. running on your OS) is built on top of the base image postgres, which is READ-ONLY, but the running container has a copy of the original image, a READ-WRITE file system and other configuration like metadata, IPAddress etc.

    So, when a new container is spun up with docker compose up with a docker-compose.yml file or docker run, it creates a container whose IPAddress is permanent until the image is not removed by docker compose down or docker rm <id>

  1. POSTGRES_PASSWORD is used only once, initially, to set your first password. If the database is already set up (you ran it and did some changes on it), the variable won’t be used for anything:

    This variable defines the superuser password in the PostgreSQL instance, as set by the initdb script during initial container startup.

    If you want to change the password on an already initialised database, you can run an alter role query as a part of the changes you’re applying to it:

    -- Set a new password for the postgres superuser on an already initialised database
    ALTER ROLE postgres WITH ENCRYPTED PASSWORD 'your_new_password';
    

    If you’re testing with connections from within the container, those will not be required to provide any password at all: by default pg_hba.conf will be set up to trust localhost.
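To check which connections skip the password, as the second answer describes for pg_hba.conf, here is an added example that is not part of the original answers: it classifies each pg_hba.conf rule by where it applies and counts the `trust` ones. The function names and the sample file are constructed for illustration; the sample is modeled on what a freshly initialised postgres container typically contains, which is an assumption.

```shell
#!/bin/sh
# Added example: report pg_hba.conf rules and flag passwordless ("trust") ones.

# Constructed sample pg_hba.conf (assumed typical defaults, not from the page).
sample_hba() {
cat <<'EOF'
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     trust
host    all             all             127.0.0.1/32            trust
host    all             all             ::1/128                 trust
local   replication     all                                     trust
host    all             all             all                     scram-sha-256
EOF
}

# Read pg_hba.conf on stdin, print "<scope> <method> <database> <user> <address>".
# scope: socket   = Unix socket inside the container
#        loopback = 127.0.0.0/8 or ::1, also only reachable inside the container
#        network  = everything else, including clients using a published port
hba_rules() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    $1 == "local" { print "socket", $4, $2, $3, "-"; next }
    $1 ~ /^host/ {
      addr = $4; method = $5
      # "IP netmask" form: the method moves to the sixth field
      if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) { addr = $4 "/" $5; method = $6 }
      scope = "network"
      if (addr ~ /^127\./ || addr ~ /^::1\// || addr == "localhost") scope = "loopback"
      print scope, method, $2, $3, addr
    }'
}

# Read pg_hba.conf on stdin, print how many trust rules exist for scope $1.
trust_count() {
  hba_rules | awk -v s="$1" '$1 == s && $2 == "trust" { n++ } END { print n + 0 }'
}
```

With the compose file above, the live file can be piped in with `docker compose exec db sh -c 'cat "$PGDATA/pg_hba.conf"' | hba_rules`. A non-zero `trust_count network` means clients connecting through the published port 6000 are not asked for a password at all.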
