Change the PuppetDB user password

The Puppet Enterprise (PE) console uses a database user account to access its PostgreSQL database. Change this database user's password if it is compromised or to comply with your organization's security guidelines.

1. Stop the pe-puppetdb service by running:

   puppet resource service pe-puppetdb ensure=stopped

2. On the database server (which, depending on your deployment's architecture, might or might not be the same as the PuppetDB server), use your preferred PostgreSQL administration tool to change the user's password.

   With the standard PostgreSQL client, you can do this by running:

   ALTER USER console PASSWORD '<new password>';

3. On the PuppetDB server, open the database.ini file located at /etc/puppetlabs/puppetdb/conf.d/database.ini, and change the password line to reflect the new password.

   The password line is under either common or production, depending on your configuration.

4. Save the file and restart the pe-puppetdb service on the console server by running:

   puppet resource service pe-puppetdb ensure=running