postgres password problem
Hi, I am trying to run zitadel in a docker container on a vps. On the vps I also have a postgres db running, also in docker.
I created two users for zitadel: zitadel_root and zitadel_user. When I try to connect to the database with those users using DBeaver, everything works fine. But the Zitadel container gives the following error:
time="2025-09-23T20:36:47Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-09-23T20:36:47Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to user=zitadel_root database=postgres: 5.75.247.152:5432 (5.75.247.152): server error: FATAL: password authentication failed for user "zitadel_root" (SQLSTATE 28P01)"
When I go to the database container I see a corresponding log:
2025-09-23 20:36:47.626 UTC [71017] FATAL: password authentication failed for user "zitadel_root" 2025-09-23 20:36:47.626 UTC [71017] DETAIL: Password does not match for user "zitadel_root". Connection matched file "/data/postgres/pg_hba.conf" line 120: "host all all 172.19.0.1/8 password"I have configured zitadel using config files:
config.yaml:
and secrets.yaml:
Anyone any idea what is going on?8 Replies
Hi @wim, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer, here are some relevant sources:
1. Database Configuration :
Covers ZITADEL's Postgres setup and user/role requirements, including permissions and password setup. 2. Configuration Options in ZITADEL :
Explains how to structure config and secrets YAML files for ZITADEL's database connection. Feel free to tag @Ask Inkeep with additional questions.
Covers ZITADEL's Postgres setup and user/role requirements, including permissions and password setup. 2. Configuration Options in ZITADEL :
Explains how to structure config and secrets YAML files for ZITADEL's database connection. Feel free to tag @Ask Inkeep with additional questions.
(same error when using the posgres user)
hey @wim thanks for your question, I will take a look
hey @wim can you pls trying printing the password and see if the values being passed from env variables are correct?
is this using start-from-init ?
how could I print the password? All configuration is passed using the configuration files. When I check those, they are correct.
Yes, for completenes, I also posted the docker compose file.
ok managed to get it working by not using the separate config file for secrets. Is there a bug in the merging of the config files? This should workd accoding to the docs
ZITADEL Docs
This guide assumes you are familiar with running ZITADEL using the least amount of configuration possible.
hey @wim good catch! Pls open an issue https://github.com/zitadel/zitadel/issues
no problem. Issue has been made 🙂