Thread: Docker setup without password
Hello everybody,

I'd like to deploy PgAdmin4 with Ansible to a Docker Swarm cluster without any authentication and authorization, as it will not be exposed to the public. Only internal SSH users will be able to access the SSH tunnel endpoint, a Unix domain socket. These users are already authenticated with their SSH public key and a second factor, and each of them is an experienced, trusted user.

Unfortunately, PgAdmin4 makes it very hard for me to accomplish this, or maybe I didn't find or understand the relevant documentation. I have already managed to automatically log in to PgAdmin4 by forcing it into desktop mode, but when I try to open a database in the menu on the left side, PgAdmin4 keeps asking for a password -- which has already been supplied with a PGPASS_FILE.

Please, don't get me wrong: I highly appreciate when developers try to develop their software as securely as possible, thus protecting inexperienced users from insecure setups. And to be honest, I'm also not happy with having to force the software into desktop mode just to circumvent having to log in to PgAdmin4. But then, having to spread passwords and add documentation to our projects just so my users can access that database doesn't make me happy either.

What I have already accomplished and tried so far:

- force PgAdmin4 into desktop mode (PGADMIN_CONFIG_SERVER_MODE: "False"), thus omitting the need to log in to PgAdmin4
- adding a PGPASS_FILE (with and without leading dots) with Docker configs to
  - /var/lib/pgadmin/pgpass
  - /var/lib/pgadmin/pgpass/storage/sw_lukenukem.de/pgpass
- setting the correct password in servers.json with the settings
  - Password
  - PassFile

At the moment, the service configuration in my docker-compose.yml looks like so (and no, please rest assured that s3cR3t is not the real password ;-):

--snip-----
  pgadmin:
    image: dpage/pgadmin4:latest
    environment:
      PGADMIN_DEFAULT_EMAIL: "sw@lukenukem.de"
      PGADMIN_DEFAULT_PASSWORD: "s3cR3t"
      PGADMIN_LISTEN_ADDRESS: "0.0.0.0"
      PGADMIN_DISABLE_POSTFIX: "True"
      PGADMIN_CONFIG_SERVER_MODE: "False"
      PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: "False"
      PGPASS_FILE: "/var/lib/pgadmin/pgpass"
    configs:
      - source: servers_json
        target: /pgadmin4/servers.json
      - source: pgpass
        target: /var/lib/pgadmin/pgpass
        uid: "5050"
        gid: "0"
        mode: 0600
      - source: pgpass
        target: /var/lib/pgadmin/storage/sw_lukenukem.de/pgpass
        uid: "5050"
        gid: "0"
        mode: 0600
--snip-----

However, after reading the documentation over and over and playing around with several configuration options, I'm at the end of my ideas. Any suggestions and hints are very welcome. If you need more information, please let me know.

Thank you in advance and please excuse my bad English, I know I lack training.

Best wishes,
Lutz
Hi Lutz,
Did you try removing pgpass from configs? PGPASS_FILE should be enough.
On Wed, Mar 26, 2025 at 3:05 PM Lutz Badenheuer <luke@lukenukem.de> wrote:
> Hello everybody,
>
> I'd like to deploy PgAdmin4 with Ansible to a Docker Swarm cluster without any
> authentication and authorization, as it will not be exposed to the public.
> Only internal SSH users will be able to access the SSH tunnel endpoint, a Unix
> domain socket. These users are already authenticated with their SSH public key
> and a second factor, and each of them is an experienced, trusted user.
>
> Unfortunately, PgAdmin4 makes it very hard for me to accomplish this, or maybe
> I didn't find or understand the relevant documentation. I have already managed
> to automatically log in to PgAdmin4 by forcing it into desktop mode, but when
> I try to open a database in the menu on the left side, PgAdmin4 keeps asking
> for a password -- which has already been supplied with a PGPASS_FILE.
>
> Please, don't get me wrong: I highly appreciate when developers try to develop
> their software as securely as possible, thus protecting inexperienced users from
> insecure setups. And to be honest, I'm also not happy with having to force the
> software into desktop mode just to circumvent having to log in to PgAdmin4. But
> then, having to spread passwords and add documentation to our projects just so
> my users can access that database doesn't make me happy either.
>
> What I have already accomplished and tried so far:
>
> - force PgAdmin4 into desktop mode (PGADMIN_CONFIG_SERVER_MODE: "False"), thus
>   omitting the need to log in to PgAdmin4
> - adding a PGPASS_FILE (with and without leading dots) with Docker configs to
>   - /var/lib/pgadmin/pgpass
>   - /var/lib/pgadmin/pgpass/storage/sw_lukenukem.de/pgpass
> - setting the correct password in servers.json with the settings
>   - Password
>   - PassFile
>
> At the moment, the service configuration in my docker-compose.yml looks like
> so (and no, please rest assured that s3cR3t is not the real password ;-):
>
> --snip-----
>   pgadmin:
>     image: dpage/pgadmin4:latest
>     environment:
>       PGADMIN_DEFAULT_EMAIL: "sw@lukenukem.de"
>       PGADMIN_DEFAULT_PASSWORD: "s3cR3t"
>       PGADMIN_LISTEN_ADDRESS: "0.0.0.0"
>       PGADMIN_DISABLE_POSTFIX: "True"
>       PGADMIN_CONFIG_SERVER_MODE: "False"
>       PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: "False"
>       PGPASS_FILE: "/var/lib/pgadmin/pgpass"
>     configs:
>       - source: servers_json
>         target: /pgadmin4/servers.json
>       - source: pgpass
>         target: /var/lib/pgadmin/pgpass
>         uid: "5050"
>         gid: "0"
>         mode: 0600
>       - source: pgpass
>         target: /var/lib/pgadmin/storage/sw_lukenukem.de/pgpass
>         uid: "5050"
>         gid: "0"
>         mode: 0600
> --snip-----
>
> However, after reading the documentation over and over and playing around with
> several configuration options, I'm at the end of my ideas. Any suggestions and
> hints are very welcome. If you need more information, please let me know.
>
> Thank you in advance and please excuse my bad English, I know I lack training.
>
> Best wishes,
> Lutz

Thanks,
Aditya Toshniwal
"Don't Complain about Heat, Plant a TREE"
Hello,

On Wednesday, 26 March 2025, 11:05:30 CET, Aditya Toshniwal wrote:
> Did you try removing pgpass from configs? PGPASS_FILE should be enough.

Unfortunately, that doesn't work, whether I set this as an absolute or as a relative path. Whenever I open PgAdmin4 I'm logged in automatically, but when I open "Servers" in the tree menu on the left, "db" shows up with a small red cross and I'm asked to enter a password. Any more ideas?

Thanks in advance,
Lutz
Hi Lutz,
We never tested this scenario. We'll try at our end and let you know.
On Fri, Mar 28, 2025 at 9:29 PM Lutz Badenheuer <luke@lukenukem.de> wrote:
> Hello,
>
> On Wednesday, 26 March 2025, 11:05:30 CET, Aditya Toshniwal wrote:
> > Did you try removing pgpass from configs? PGPASS_FILE should be enough.
>
> Unfortunately, that doesn't work, whether I set this as an absolute or as
> a relative path. Whenever I open PgAdmin4 I'm logged in automatically, but
> when I open "Servers" in the tree menu on the left, "db" shows up with a small
> red cross and I'm asked to enter a password. Any more ideas?
>
> Thanks in advance,
> Lutz

Thanks,
Aditya Toshniwal
"Don't Complain about Heat, Plant a TREE"