invalid password
SQLSTATE 28P01 is a Postgres-specific error raised when password authentication fails — the supplied password does not match the stored credential for the connecting role. It is the authentication-phase counterpart to 28000.
- Incorrect password supplied in the connection string
- Password changed on the server but not updated in the application configuration
- Connecting with the wrong username (where passwords differ by role)
Connection attempt with a wrong password.
-- psql connection with wrong password:
-- psql -U myapp -d mydb -W
expected output
FATAL: password authentication failed for user "myapp"
Fix 1
Verify and update the password in the application configuration
When: the application receives 28P01.
-- Rotate the password if it was changed:
ALTER ROLE myapp PASSWORD 'new_secure_password';
Why this works
Update the connection string in the application with the correct current password, then restart the application to reload the credentials.
Fix 2
Use a secrets manager to avoid hardcoded credentials
When: in production environments.
Why this works
Store database credentials in a secrets manager (AWS Secrets Manager, HashiCorp Vault, etc.) and have the application fetch them at runtime to avoid stale password issues.
✕ Log the password for debugging 28P01
Logging passwords creates a security vulnerability.
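Fix 2 and the logging warning above, combined in an added Python example that is not from the original page: the password is fetched at runtime, and on 28P01 it is refetched once and the connection retried, with only the role and database written to the log. `DbError`, `connect`, `fetch_secret` and the sample passwords are constructed stand-ins; how a real driver exposes the SQLSTATE varies.

```python
import logging

log = logging.getLogger("db")
INVALID_PASSWORD = "28P01"  # SQLSTATE discussed on this page


class DbError(Exception):
    """Constructed stand-in for a driver error carrying a SQLSTATE."""
    def __init__(self, sqlstate, message):
        super().__init__(message)
        self.sqlstate = sqlstate


def connect_with_refresh(connect, fetch_secret, user, dbname):
    """Connect with a runtime-fetched password; on 28P01 refetch once, retry.
    connect() and fetch_secret() are hypothetical callables wrapping the
    database driver and the secrets manager."""
    password = fetch_secret(user, force_refresh=False)
    try:
        return connect(user, password, dbname)
    except DbError as exc:
        if exc.sqlstate != INVALID_PASSWORD:
            raise
        # Log role and database only, never the password or connection string.
        log.warning("28P01 for role %r on %r; refetching secret", user, dbname)
    fresh = fetch_secret(user, force_refresh=True)
    if fresh == password:
        # Store and server disagree: a retry would only add a failed login.
        raise DbError(INVALID_PASSWORD, f"stored secret for {user!r} rejected")
    return connect(user, fresh, dbname)


def demo():
    """Constructed case: password rotated on the server, cached secret stale."""
    server_password = "rotated-value"
    store = {"cached": "old-value", "current": "rotated-value"}
    attempts = []

    def fetch_secret(user, force_refresh):
        return store["current" if force_refresh else "cached"]

    def connect(user, password, dbname):
        attempts.append(user)
        if password != server_password:
            raise DbError(INVALID_PASSWORD,
                          f'password authentication failed for user "{user}"')
        return f"connection:{user}@{dbname}"
    return connect_with_refresh(connect, fetch_secret, "myapp", "mydb"), len(attempts)
```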
Class 28 — Invalid Authorization Specification (Postgres-specific)