I have docker-compose.yaml file containing this data:
services:
db:
image: postgres
restart: always
environment:
POSTGRES_PASSWORD: p2ostgres1
ports:
- '6000:5432'
volumes:
- pgdata:/var/lib/postgresql/data
volumes:
pgdata:
after running docker-compose up
and making some changes to the database, i can access that database again even if I change the password in the POSTGRES_PASSWORD: p2ostgres1
field. I can access the tables and the values inside ’em.
Is that okay? is that safe?
2
Answers
$ docker compose down
ordocker rm <id>
$ docker compose up
The docker container should be removed
docker rm <id>
ordocker compose down
and then create new docker container to apply new passwordHow docker works, it pulls public image by default from hub.docker.com.
Now a container(i.e. running on your OS) is built on top of the base image
postgres
, which isREAD-ONLY
but the running container has copy of the original image,READ-WRITE
file system and other configurations likemetadata
,IPAddress
etc.So, when new container is spinned with
docker compose up
withdocker-compose.yml
file ordocker run
, it creates a container, whoseIPAddress
is permanent until the image is not removed bydocker compose down
ordocker rm <id>
POSTGRES_PASSWORD
is used only once, initially, to set your first password. If the database is already set up (you ran it and did some changes on it), the variable won’t be used for anything:If you want to change the password on an already initialised database, you can run an
alter role
query as a part of the changes you’re applying to it:If you’re testing with connections from within the container, those will not be required to provide any password at all: by default
pg_hba.conf
will be set up to trust localhost.