Skip to content

feat: Support MD5 and SCRAM-SHA-256 password encryption for PostgreSQL connection#111

Merged
xfg0218 merged 1 commit into
mainfrom
pr/password-encryption
May 7, 2026
Merged

feat: Support MD5 and SCRAM-SHA-256 password encryption for PostgreSQL connection#111
xfg0218 merged 1 commit into
mainfrom
pr/password-encryption

Conversation

@xfg0218
Copy link
Copy Markdown
Owner

@xfg0218 xfg0218 commented May 7, 2026

Overview

This PR adds support for different PostgreSQL password encryption methods (MD5 and SCRAM-SHA-256) to improve compatibility with different PostgreSQL server configurations.

Changes

1. Configuration (internal/config/config.go)

  • Added PasswordEncryption field to PostgreSQLConfig struct
  • Supports three values: md5, scram-sha-256, auto (default)

2. Connection Manager (internal/postgres/connection.go)

  • Modified NewConnection function to append password_encryption parameter to connection string
  • Added detailed comments explaining PostgreSQL encryption methods:
    • md5: Traditional encryption, best compatibility
    • scram-sha-256: More secure encryption (PostgreSQL 10+ default)
    • auto: Let PostgreSQL server decide (default behavior)

3. Example Configuration (config.example.yml)

  • Added password_encryption: auto configuration example

Motivation

PostgreSQL 10+ uses SCRAM-SHA-256 as the default password encryption method, which is more secure than the traditional MD5 method. However, some environments may still use MD5 for compatibility reasons. This change allows users to explicitly specify which encryption method to use, preventing authentication failures due to encryption method mismatches.

Usage Example

postgresql:
  host: localhost
  port: 5432
  username: postgres
  password: password
  database: test_db
  password_encryption: md5  # or scram-sha-256, or auto (default)

Testing

  • Code compiles successfully (go build -o mysql2pg ./cmd/)
  • go vet passes without warnings
  • Backward compatible (default behavior unchanged when not specified)
  • No breaking changes to existing functionality

Related Issue

Closes #110

References

@xfg0218 @qwencoder
feat: support MD5 and SCRAM-SHA-256 password encryption for PostgreSQ…
c90f8f1 
…L connection

- Add PasswordEncryption field to PostgreSQLConfig (internal/config/config.go)
- Modify NewConnection to support password_encryption parameter (internal/postgres/connection.go)
- Update config.example.yml with password_encryption example
- Support three modes: md5, scram-sha-256, auto (default)
- Improve compatibility with different PostgreSQL server configurations

Related to issue #110

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
@xfg0218 xfg0218 merged commit 67c782a into main May 7, 2026
11 checks passed
@xfg0218 xfg0218 deleted the pr/password-encryption branch May 7, 2026 10:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: Support MD5 and SCRAM-SHA-256 password encryption for PostgreSQL connection

1 participant

@xfg0218