From 1b0356fd954e33cb2577bdfe65b690b6ebf8fa72 Mon Sep 17 00:00:00 2001
From: Mats Kindahl <mats@kindahl.net>
Date: Thu, 21 May 2026 21:58:53 +0200
Subject: [PATCH] Unset bootstrap credentials before exec-ing the server

POSTGRES_PASSWORD (and related vars) are only needed during initdb and
the temporary-server initialisation phase. After that they serve no
purpose, but remain in the process environment for the entire lifetime
of the container, where any loaded C extension can read them via
environ.

Unsetting them immediately before the final exec ensures the running
PostgreSQL server process starts with a clean environment.
---
 docker-entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index d4442d8a52..5f939f4a0d 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -379,6 +379,7 @@ _main() {
 		fi
 	fi
 
+	unset POSTGRES_PASSWORD POSTGRES_USER POSTGRES_DB POSTGRES_INITDB_ARGS
 	exec "$@"
 }