Avoid logging "alter user password" commands in master/segment logs.

Article ID: 296887

Products

VMware Tanzu Greenplum
VMware Tanzu Greenplum / Gemfire
VMware Tanzu Data Suite

Issue/Introduction

When a user password is changed with an 'alter user password' command, the statement is written to the Master/Segment logs, which can therefore include unencrypted passwords. There are several methods to prevent user passwords from being logged.

Environment

Product Version: 6.23

Resolution

\password
One option is to make use of the \password meta-command to prevent user passwords from appearing in the logs.

The \password meta-command can be used for both users and superusers.

By default, when you create a PostgreSQL cluster, password authentication for the database superuser (“postgres”) is disabled. The simplest and safest way to add a password to the “postgres” user is to connect to the local server using “psql”, then type the “\password” meta command of psql. You will be asked to enter a password and confirm it.

postgres=# \password
Enter new password:
Enter it again:
postgres=#

This command will not log the password entered by the user.


log_statement=NONE

An alternative method is to specify 'log_statement=NONE;' before running an 'alter user password' command.

Note: If 'log_statement=NONE' is used in psql, the SQL shell query history may still record the password.
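
To check whether Master/Segment logs already contain such statements, the following added example (not part of the original article) scans log lines for CREATE/ALTER USER|ROLE ... PASSWORD statements and reports whether the literal is cleartext or already a hash, which is what psql's \password sends. The function names scan_log and redact and the sample lines are constructed for illustration, and it assumes each statement sits on one log line.

```python
import re

# CREATE/ALTER USER|ROLE ... PASSWORD '<literal>' as it appears in a logged statement.
PASSWORD_STMT = re.compile(
    r"\b(?:CREATE|ALTER)\s+(?:USER|ROLE)\s+(?P<role>[^\s;]+)"
    r"[^;]*?\bPASSWORD\s+'(?P<secret>(?:[^']|'')*)'",
    re.IGNORECASE,
)
# Literals that are already hashes (what psql's \password sends). Assumption:
# md5 or SCRAM hashes; extend the pattern if the cluster uses another format.
HASHED = re.compile(r"^(?:md5[0-9a-f]{32}|SCRAM-SHA-256\$\S+)$")


def scan_log(lines):
    """Report password-setting statements; the literal itself is never returned."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for m in PASSWORD_STMT.finditer(line):
            kind = "hashed" if HASHED.match(m.group("secret")) else "cleartext"
            findings.append(
                {"line": lineno, "role": m.group("role").strip('"'), "kind": kind}
            )
    return findings


def redact(line):
    """Return the line with every password literal replaced by <redacted>."""
    def _sub(m):
        # Keep everything up to and including the opening quote of the literal.
        prefix = m.group(0)[: m.start("secret") - m.start()]
        return prefix + "<redacted>'"
    return PASSWORD_STMT.sub(_sub, line)


# Constructed sample lines, simplified from a CSV-style server log.
SAMPLE_LOG = [
    '2024-01-01 10:00:00 UTC,"gpadmin","LOG","statement: ALTER USER app_user PASSWORD \'Constructed-Pw1\';"',
    '2024-01-01 10:01:00 UTC,"gpadmin","LOG","statement: ALTER USER gpadmin PASSWORD \'md50123456789abcdef0123456789abcdef\'"',
    '2024-01-01 10:02:00 UTC,"gpadmin","LOG","statement: SELECT 1;"',
    '2024-01-01 10:03:00 UTC,"gpadmin","LOG","statement: CREATE ROLE etl LOGIN ENCRYPTED PASSWORD \'Constructed-Pw2\';"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f, redact(SAMPLE_LOG[f["line"] - 1]))
```

Any role reported as cleartext should have its password changed again using one of the methods above, since the old value remains readable in the log files.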