Some people have recently come across an error with the circleci/postgres image that looks something like this:
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD for the superuser. Use
"-e POSTGRES_PASSWORD=password" to set it in "docker run".
You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
without a password. This is *not* recommended. See PostgreSQL
documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
The PostgreSQL Docker Team pushed a breaking change as a patch release for several PostgreSQL versions. While a breaking change in a patch release is unfortunate, this change was done for the sake of security.
The Problem
Newer upstream PostgreSQL Docker images, and thus the CircleCI images, now require a password for use. If you were previously using passwordless access to a PostgreSQL DB within CircleCI, it will likely fail.
Affected Versions
Hereās a list of versions for where this change takes affect. This may not be a complete list. Even if youāre using an unaffected version, you can always implement one of the solutions below to future proof from this change.
- v12.2 and up
- v11.7 and up
- v10.12 and up
- v9.6.17 and up
- v9.5.21 and up
Solutions
Option 1 - Implement a password
You can set a password for PostgreSQL using the environment variable POSTGRES_PASSWORD. Then youād need to simply use that password when connecting to the DB. Hereās how you would add it to your CircleCI config:
job:
build:
docker:
- image: circleci/postgres:9.6
environment:
#...
POSTGRES_PASSWORD: password
#...
Option 2 - Disable the password requirement
You can disable the new password requirement basically reverting to original behavior of the PostgreSQL image. This is done by setting the environment variable POSTGRES_HOST_AUTH_METHOD to ātrustā. Hereās how you would add it to your CircleCI config:
job:
build:
docker:
- image: circleci/postgres:9.6
environment:
#...
POSTGRES_HOST_AUTH_METHOD: trust
#...
Any questions or additional information to add? Please post them here.
3 Likes
Iād add that what probably matters the most is whether youāre using this image for your primary container or not. If not, you have to store the password in config.yml because thereās no way to get any secret there safely (e.g., via setting project environment variable) unless Iām missing something. If you canāt use safe password, why even botherā¦ If password is needed for some reason, setting an empty password might be best to signal to the reader unfamiliar with PostgreSQL authentication that this isnāt about safety.
Sadly, this whole thing is quite unfortunate because the error message is confusing. The documentation hasnāt be updated (I know I can submit PRs 
), the Docker image documentation doesnāt tackle this and the upstream image talks about this in production contextā¦ This isnāt a criticism of CircleCI but my current state which can serve as shorter description of problem areas that would be nice to address IMHO 
1 Like
Hi @0W9cuJpS, and welcome to the communityf! Thanks for offering feedback - weāre always happy to hear it.
1 Like
The CircleCI Documentations? If so, where would you image to see this in the docs?
I donāt know the product, company or broader community enough as to say what the standards and expectations are ā I simply inherited quite a lot of pipelines where CircleCI plays a central role. So, Iām not sure if Iām the right person to answer this.
Nevertheless, I prefer code examples to be self-contained (to work as-is), so Iād start with places identified by something like this:
git clone git@github.com:circleci/circleci-docs.git
fgrep -Rl 'circleci/postgres' circleci-docs
And make sure that all the examples work.
