{"id":7526,"library":"pulumi-postgresql","title":"Pulumi PostgreSQL","description":"The `pulumi-postgresql` package provides a Pulumi provider for creating and managing PostgreSQL cloud resources. It allows users to define PostgreSQL databases, roles, schemas, and other configurations as infrastructure-as-code using Python and other supported languages. The provider is derived from the Terraform PostgreSQL provider and receives frequent updates, often alongside its upstream dependencies.","status":"active","version":"3.16.3","language":"en","source_language":"en","source_url":"https://github.com/pulumi/pulumi-postgresql","tags":["pulumi","iac","postgresql","database","cloud"],"install":[{"cmd":"pip install pulumi_postgresql","lang":"bash","label":"Install with pip"}],"dependencies":[{"reason":"Core Pulumi SDK is required to define and manage infrastructure.","package":"pulumi"}],"imports":[{"note":"This is the conventional alias used in Pulumi Python programs for the PostgreSQL provider.","symbol":"postgresql","correct":"import pulumi_postgresql as postgresql"},{"symbol":"Database","correct":"from pulumi_postgresql import Database"},{"symbol":"Role","correct":"from pulumi_postgresql import Role"}],"quickstart":{"code":"import pulumi\nimport pulumi_postgresql as postgresql\nimport os\n\n# Configure PostgreSQL provider using environment variables for sensitive data\n# Alternatively, use `pulumi config set postgresql:host <value>` etc.\n# For passwords, use `pulumi config set --secret postgresql:password <value>`\n\npg_host = os.environ.get('PGHOST', 'localhost')\npg_user = os.environ.get('PGUSER', 'postgres')\npg_password = os.environ.get('PGPASSWORD', 'password')\npg_database = os.environ.get('PGDATABASE', 'postgres') # Database for initial connection\npg_port = os.environ.get('PGPORT', '5432')\npg_sslmode = os.environ.get('PGSSLMODE', 'disable') # Often 'disable' for local dev, 'require' for production\n\n# The provider needs to be explicitly configured if not using default environment variables or pulumi config.\n# For this example, we're relying on environment variables or `pulumi config`.\n# If you need to explicitly create a provider instance:\n# pg_provider = postgresql.Provider(\"pg-provider\",\n#     host=pg_host,\n#     username=pg_user,\n#     password=pg_password,\n#     database=pg_database,\n#     port=pg_port,\n#     sslmode=pg_sslmode\n# )\n\n# Create a new PostgreSQL database\nnew_db = postgresql.Database(\"my-new-database\",\n    name=\"mydatabase\",\n    opts=pulumi.ResourceOptions(delete_before_replace=True) # Optional: ensures clean replacement if name changes\n)\n\n# Create a new PostgreSQL role (user)\nnew_role = postgresql.Role(\"my-app-role\",\n    name=\"app_user\",\n    login=True,\n    password=\"strong_password_here\", # In production, this should be a secret!\n    opts=pulumi.ResourceOptions(delete_before_replace=True) # Optional\n)\n\n# Export the database name and role name\npulumi.export('database_name', new_db.name)\npulumi.export('role_name', new_role.name)\n","lang":"python","description":"This quickstart demonstrates how to create a new PostgreSQL database and a new role (user) using the `pulumi-postgresql` provider. It assumes PostgreSQL connection details are configured via environment variables (`PGHOST`, `PGUSER`, `PGPASSWORD`, `PGDATABASE`, `PGPORT`, `PGSSLMODE`) or Pulumi configuration. For local development, `PGSSLMODE` is often set to `disable` to avoid SSL connection errors. Always manage sensitive data like passwords using Pulumi secrets."},"warnings":[{"fix":"Set `sslmode` to `disable` in your provider configuration or via `PGSSLMODE` environment variable if your server doesn't use SSL. For production, ensure SSL is configured and `sslmode` is set to `verify-ca` or `verify-full`.","message":"The default `sslmode` for the PostgreSQL provider is `require` (always SSL, also skip verification). If your PostgreSQL server is not configured for SSL, connection attempts will fail.","severity":"gotcha","affected_versions":"All v3.x"},{"fix":"Use `pulumi config set --secret postgresql:password <YOUR_PASSWORD>` when setting passwords via Pulumi configuration. If using environment variables, ensure proper secure handling of `PGPASSWORD`.","message":"Sensitive configuration values, such as `postgresql:password`, should always be managed using Pulumi's secret encryption to prevent them from being stored in plain text in your state file.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Set `superuser` to `false` in your provider configuration or ensure the connecting user has the necessary privileges for operations you intend to perform. Consult provider documentation for specific resource requirements.","message":"Some PostgreSQL provider features, such as refreshing state passwords from the database, require the connecting user to be a PostgreSQL superuser. If the user is not a superuser (common in cloud-managed databases like AWS RDS or GCP SQL), these features might be disabled.","severity":"gotcha","affected_versions":"All v3.x"},{"fix":"Always run `pulumi preview` before `pulumi up` after provider upgrades to understand proposed changes. If resources are incorrectly marked for replacement or removal, investigate changes in input properties or provider behavior. A `pulumi refresh` followed by a `pulumi up` might be necessary, but ensure you understand the implications, particularly for functions or complex objects.","message":"Upgrades to the `pulumi-terraform-bridge` or `terraform-provider-postgresql` dependencies can occasionally introduce changes in how resources are identified or managed, potentially leading to 'replace' actions or resources being removed from the Pulumi state during a `pulumi refresh`.","severity":"breaking","affected_versions":"Potentially across all minor/patch versions, especially with larger bridge upgrades (e.g., from v3.15.1 to newer versions)."}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Set the `sslmode` configuration option to `disable`. This can be done via `pulumi config set postgresql:sslmode disable` or by setting the `PGSSLMODE` environment variable to `disable`. Ensure this is appropriate for your environment.","cause":"The PostgreSQL provider's default `sslmode` is `require`, meaning it attempts an SSL connection, but the target PostgreSQL server is not configured to accept SSL connections.","error":"Error connecting to PostgreSQL server (scheme: postgres): XXXXpXXXXq: SSL is not enabled on the server"},{"fix":"Provide the PostgreSQL host. For example, `export PGHOST=your_db_host` or `pulumi config set postgresql:host your_db_host`. Ensure `host` is reachable from where Pulumi is executed.","cause":"The PostgreSQL provider requires the `host` (server address) to connect, but it was not provided via environment variables (`PGHOST`), Pulumi configuration (`postgresql:host`), or explicit provider arguments.","error":"missing required configuration key: host"},{"fix":"Grant the necessary permissions to the connecting PostgreSQL user, or configure the Pulumi provider to use a user with adequate privileges (e.g., a superuser or a user with `CREATEDB` privilege for database creation).","cause":"The PostgreSQL user configured for the provider (`postgresql:username` or `PGUSER`) does not have sufficient privileges to perform the requested operation on the specified database (e.g., creating a new database or role).","error":"pg: permission denied for database \"my_new_database\""}]}