Skip to main content
pgconsole supports multiple authentication methods to secure access to your database console.

Available Methods

MethodDescriptionBest For
Email/PasswordBuilt-in local authenticationSimple setups, small teams
SSO (Google, Okta, Keycloak)OAuth providersEnterprise, existing identity providers

Configuration

Authentication is configured in your pgconsole.toml file. Add an [auth] section and [[users]] entries:
pgconsole.toml
[auth]
# openssl rand -hex 32
jwt_secret = "your-secret-key-at-least-32-characters-long"
signin_expiry = "7d"  # h=hours, d=days, w=weeks

[[users]]
email = "[email protected]"
password = "your-secure-password"

[[users]]
email = "[email protected]"
password = "another-password"

[[users]]
email = "[email protected]"  # SSO-only, no password
Users with a password field can sign in with email/password. Users without a password field are SSO-only — they must sign in via an OAuth provider. See Authentication and Users in the configuration reference for all available fields.

Disabling Authentication

To run pgconsole without authentication (not recommended for production), simply omit the [auth] section from your configuration file.