2019-05-28 01:30:18 -05:00
.. _master_password:
***** ***** ***** ***** *** *
`Master Password` :index:
***** ***** ***** ***** *** *
2023-06-08 08:17:50 -05:00
.. note :: pgAdmin 4 uses the operating system password store by default to store the saved server passwords in desktop mode from version 7.2 onwards and Master password will not be required.
If the operating system password store is not available then pgAdmin 4 will continue to use a master password as per the configuration settings.
2019-06-05 09:20:38 -05:00
A master password is required to secure and later unlock the saved server
2023-06-08 08:17:50 -05:00
passwords. This is applicable for desktop mode and in server mode if authentication source contains OAuth2 or Kerberos or Webserver.
2019-05-28 01:30:18 -05:00
2019-06-05 09:20:38 -05:00
* You are prompted to enter the master password when you open the window for
the first time after starting the application.
* Once you set the master password, all the existing saved passwords will be
re-encrypted using the master password.
2022-10-20 05:48:41 -05:00
* The server passwords which are saved in the SQLite DB file or External
Database are encrypted and decrypted using the master password.
2019-05-28 01:30:18 -05:00
.. image :: images/master_password_set.png
:alt: Set master password
:align: center
2021-03-01 04:47:50 -06:00
.. note :: pgAdmin aims to be **secure by default** , however, you can disable the master
password by setting the configuration parameter *MASTER_PASSWORD_REQUIRED=False* .
See :ref: `config_py` for more information on configuration parameters and how
they can be changed or enforced across an organisation.
2019-05-28 01:30:18 -05:00
2022-04-22 05:28:06 -05:00
.. note :: If the master password is disabled, then all the saved passwords will
be removed.
2019-05-28 01:30:18 -05:00
2019-06-05 09:32:47 -05:00
.. warning :: If the master password is disabled, then the saved passwords will
2022-04-22 05:28:06 -05:00
be encrypted using a key which is derived from information within the
configuration database. Use of a master password ensures that the encryption
key does not need to be stored anywhere, and thus prevents possible access
to server credentials if the configuration database becomes available to an
attacker.
2019-06-05 09:32:47 -05:00
It is **strongly** recommended that you use the master password if you use
the *Save Password* option.
2019-06-05 09:20:38 -05:00
* The master password is not stored anywhere on the physical storage. It is
temporarily stored in the application memory and it does not get saved when
the application is restarted.
* You are prompted to enter the master password when pgAdmin server is
restarted.
2019-05-28 01:30:18 -05:00
.. image :: images/master_password_enter.png
:alt: Enter master password
:align: center
2019-06-05 09:20:38 -05:00
* If you forget the master password, you can use the *Reset Master Password*
button to reset the password.
2019-05-28 01:30:18 -05:00
.. image :: images/master_password_reset.png
:alt: Reset master password
:align: center
2019-06-05 09:20:38 -05:00
.. warning :: Resetting the master password will also remove all saved passwords
and close all existing established connections.
2023-05-22 00:38:29 -05:00