length, complexity, etc. without users having to send their cleartext passwords to the server, which is a much bigger security fail than anything appearing on your list. Best practice these days is to use SCRAM,
POSTGRES_PASSWORD_FILE environment variable, either by parsing the yaml or by connecting to the running container. We'd then have to read that file in the container to determine the password. Our opinion is that this would add a significant amount of complexity for minimal benefit. If you reall...
By default, when you create a PostgreSQL cluster, password authentication for the database superuser (“postgres”) is disabled. The simplest and safest way to add a password to the “postgres” user is to connect to the local server using “psql” (see steps #1 and #2 above), then typ...