pgAdmin 4 introduced the Master Password in order to secure and later unlock saved server passwords. Any password that is saved in the SQLite DB file - used for storing user preferences and other data - through the save password or save SSH tunnel password option will be encrypted and decrypted using the master password.
The feature was introduced in pgAdmin 4 version 4.7 and above. This is applicable to Desktop mode users as well as to authentication methods like OAuth, Kerberos, or Web Server where pgAdmin doesn’t have access to anything long-lived to form the encryption key whereas with pgAdmin internal or LDAP authentication methods, the user’s login password is used as an encryption key.
Note: The master password is not stored anywhere on physical storage. It is temporarily stored in the application memory and it does not get saved when the application is restarted.
Why did pgAdmin 4 introduce Master Password?
pgAdmin can store encrypted PostgreSQL server passwords in a local SQLite database if the user chooses to do so. The master password serves as the encryption key for the stored passwords.
Previously, pgAdmin used to encrypt/decrypt all saved passwords using a key which is stored in the same SQLite database. The result is that attackers or malware could potentially scan for PostgreSQL server credentials and a key, figure out how to decrypt them and gain access to your database servers.
pgAdmin 4 asks for the Master Password at startup
Set the password of your choice to secure and later unlock all the passwords.
Note: Once you set the master password, all the existing saved passwords will be re-encrypted using the master password.
In case you have already set the Master Password, enter it and click on 'OK'.
Reset Master Password
If you forget the master password, you can use the Reset Master Password button to reset the password.
Warning: Resetting the master password will also remove all saved passwords and close all existing established connections.
Disabling the Master Password
pgAdmin aims to be secure by default, however you can disable the master password by setting the configuration paramaster MASTER_PASSWORD_REQUIRED = False in the config_local.py or config_system.py file. For more information see the pgAdmin docs.
Note: If the master password is disabled (which is not recommended), then the saved passwords will be encrypted using a key which is less secure because the encryption key and passwords are stored in the same SQLite database.
If you wish to use the Save Password option to protect your passwords from attackers, it is strongly recommended that you use the master password.