NOTE
This step is is not strictly necessary because PostgreSQL will use SCRAM-SHA-256
authentication for SCRAM-SHA-256-hashed passwords, even if the authentication
method is set to md5 in pg_hba.conf. However, we strongly recommend that you
apply this change to ensure that passwords using the old md5 hashing method are not
allowed.
Follow these steps to change the authentication method:
1. Adapt pg_hba.conf by replacing the Vault relevant occurrences of md5 with scramsha-256. That will prevent users who still have an old md5 password from authenticating.
Example:
# pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
local [vault-db] all scram-sha-256
2. Reload the configuration as we describe in above.
3. Check the log file or examine the view pg_hba_file_rules to see if the reload was
successful.