Hashing algorithm used when storing passwords.
At a glance
| Property | Value |
|---|---|
| Parameter | password_encryption |
| Category | Authentication |
| Default | scram-sha-256 |
| Value type | boolean / enum / numeric |
| Change scope | Reload (no restart) |
What it does
Selects the algorithm used to hash passwords set with CREATE/ALTER ROLE ... PASSWORD. The default is scram-sha-256 since PostgreSQL 14.
How to apply a change
Takes effect on configuration reload (sighup context). Run SELECT pg_reload_conf(); or send SIGHUP — no restart needed.
Inspect the current value and source with SHOW password_encryption; or SELECT name, setting, unit, context, source FROM pg_settings WHERE name = 'password_encryption';.
Tuning guidance
Keep scram-sha-256. After switching from md5, each user must reset their password to be re-hashed, and clients/drivers must support SCRAM.