diff --git a/bitnami/postgresql/CHANGELOG.md b/bitnami/postgresql/CHANGELOG.md
index cfcaca58de..881aa8cd24 100644
--- a/bitnami/postgresql/CHANGELOG.md
+++ b/bitnami/postgresql/CHANGELOG.md
@@ -1,8 +1,12 @@
# Changelog
-## 16.5.6 (2025-03-23)
+## 16.6.0 (2025-03-24)
-* [bitnami/postgresql] Release 16.5.6 ([#32576](https://github.com/bitnami/charts/pull/32576))
+* [bitnami/postgresql] Set `usePasswordFiles=true` by default ([#32115](https://github.com/bitnami/charts/pull/32115))
+
+## 16.5.6 (2025-03-23)
+
+* [bitnami/postgresql] Release 16.5.6 (#32576) ([7aac5fd](https://github.com/bitnami/charts/commit/7aac5fd297380af0d94f85922657fbc999dfaadc)), closes [#32576](https://github.com/bitnami/charts/issues/32576)
## 16.5.5 (2025-03-20)
diff --git a/bitnami/postgresql/Chart.yaml b/bitnami/postgresql/Chart.yaml
index 6e966f434d..e545512b09 100644
--- a/bitnami/postgresql/Chart.yaml
+++ b/bitnami/postgresql/Chart.yaml
@@ -36,4 +36,4 @@ maintainers:
name: postgresql
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql
-version: 16.5.6
+version: 16.6.0
diff --git a/bitnami/postgresql/README.md b/bitnami/postgresql/README.md
index 075c92e5fa..76dab00f38 100644
--- a/bitnami/postgresql/README.md
+++ b/bitnami/postgresql/README.md
@@ -398,7 +398,7 @@ If you already have data in it, you will fail to sync to standby nodes for all c
| `auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `postgres-password` |
| `auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `password` |
| `auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `replication-password` |
-| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` |
+| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `true` |
| `architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` |
| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` |
| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. | `0` |
diff --git a/bitnami/postgresql/templates/primary/statefulset.yaml b/bitnami/postgresql/templates/primary/statefulset.yaml
index 5e3c1df846..d45d617624 100644
--- a/bitnami/postgresql/templates/primary/statefulset.yaml
+++ b/bitnami/postgresql/templates/primary/statefulset.yaml
@@ -489,7 +489,7 @@ spec:
- name: postgresql-extended-config
mountPath: {{ .Values.primary.persistence.mountPath }}/conf/conf.d/
{{- end }}
- {{- if .Values.auth.usePasswordFiles }}
+ {{- if and .Values.auth.usePasswordFiles (or .Values.auth.enablePostgresUser $customUser) }}
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
{{- end }}
@@ -584,7 +584,7 @@ spec:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- {{- if .Values.auth.usePasswordFiles }}
+ {{- if and .Values.auth.usePasswordFiles (or .Values.auth.enablePostgresUser $customUser) }}
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
{{- end }}
@@ -615,7 +615,7 @@ spec:
configMap:
name: {{ include "postgresql.v1.primary.extendedConfigmapName" . }}
{{- end }}
- {{- if .Values.auth.usePasswordFiles }}
+ {{- if and .Values.auth.usePasswordFiles (or .Values.auth.enablePostgresUser $customUser) }}
- name: postgresql-password
secret:
secretName: {{ include "postgresql.v1.secretName" . }}
diff --git a/bitnami/postgresql/templates/read/statefulset.yaml b/bitnami/postgresql/templates/read/statefulset.yaml
index a81a83767e..f7376b5ee8 100644
--- a/bitnami/postgresql/templates/read/statefulset.yaml
+++ b/bitnami/postgresql/templates/read/statefulset.yaml
@@ -396,7 +396,7 @@ spec:
- name: empty-dir
mountPath: /opt/bitnami/postgresql/tmp
subPath: app-tmp-dir
- {{- if .Values.auth.usePasswordFiles }}
+ {{- if and .Values.auth.usePasswordFiles (or .Values.auth.enablePostgresUser $customUser) }}
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
{{- end }}
@@ -491,7 +491,7 @@ spec:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- {{- if .Values.auth.usePasswordFiles }}
+ {{- if and .Values.auth.usePasswordFiles (or .Values.auth.enablePostgresUser $customUser) }}
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
{{- end }}
@@ -515,7 +515,7 @@ spec:
configMap:
name: {{ include "postgresql.v1.readReplicas.extendedConfigmapName" . }}
{{- end }}
- {{- if .Values.auth.usePasswordFiles }}
+ {{- if and .Values.auth.usePasswordFiles (or .Values.auth.enablePostgresUser $customUser) }}
- name: postgresql-password
secret:
secretName: {{ include "postgresql.v1.secretName" . }}
diff --git a/bitnami/postgresql/templates/update-password/job.yaml b/bitnami/postgresql/templates/update-password/job.yaml
index 4bd916132e..9eaba871dd 100644
--- a/bitnami/postgresql/templates/update-password/job.yaml
+++ b/bitnami/postgresql/templates/update-password/job.yaml
@@ -58,7 +58,7 @@ spec:
- |
{{- $customUser := include "postgresql.v1.username" . }}
{{- $customDatabase := include "postgresql.v1.database" . | default "postgres" }}
- {{- if .Values.usePasswordFiles }}
+ {{- if .Values.auth.usePasswordFiles }}
# We need to load all the secret env vars to the system
for file in $(find /bitnami/postgresql/secrets -type f); do
env_var_name="$(basename $file)"
@@ -186,7 +186,7 @@ spec:
- name: empty-dir
mountPath: /job-status
subPath: job-dir
- {{- if .Values.usePasswordFiles }}
+ {{- if .Values.auth.usePasswordFiles }}
- name: postgresql-previous-credentials
mountPath: /bitnami/postgresql/secrets/previous
- name: postgresql-new-credentials
@@ -203,7 +203,7 @@ spec:
volumes:
- name: empty-dir
emptyDir: {}
- {{- if and .Values.auth.usePasswordFiles }}
+ {{- if .Values.auth.usePasswordFiles }}
- name: postgresql-previous-credentials
secret:
secretName: {{ template "postgresql.update-job.previousSecretName" . }}
diff --git a/bitnami/postgresql/values.yaml b/bitnami/postgresql/values.yaml
index b6c883a2df..3043fcae9f 100644
--- a/bitnami/postgresql/values.yaml
+++ b/bitnami/postgresql/values.yaml
@@ -175,7 +175,7 @@ auth:
replicationPasswordKey: replication-password
## @param auth.usePasswordFiles Mount credentials as a files instead of using an environment variable
##
- usePasswordFiles: false
+ usePasswordFiles: true
## @param architecture PostgreSQL architecture (`standalone` or `replication`)
##
architecture: standalone
@@ -1393,7 +1393,7 @@ backup:
##
enabled: true
storage:
- ## @param backup.cronjob.storage.enabled Enable using a `PersistentVolumeClaim` as backup data volume
+ ## @param backup.cronjob.storage.enabled Enable using a `PersistentVolumeClaim` as backup data volume
##
enabled: true
## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)