The Fix
Introduces a way to update connection pool credentials by allowing the connection string and kwargs to be specified as callables.
Based on closed psycopg/psycopg issue #1042 · PR/commit linked
Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.
@@ -48,9 +48,10 @@ The `!ConnectionPool` class
required.
- :param conninfo: The connection string. See
- `~psycopg.Connection.connect()` for details.
- :type conninfo: `!str`
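Review bot: the `:param conninfo:` entry and its `:type conninfo:` line are removed in this hunk and the visible lines show no replacement, so make sure the `!ConnectionPool` reference still documents the parameter. The new entry should state that either a string or a callable is accepted and say when the callable is invoked, because that determines how soon a rotated credential takes effect.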
Why This Fix Works in Production
- Trigger: As discussed in #851, in certain cloud environments the database password changes periodically. Therefore a long-lived pool must have a mechanism to update the…
- Mechanism: The connection pool does not support dynamic updates of connection strings and credentials.
- If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.
Why This Breaks in Prod
- The connection pool does not support dynamic updates of connection strings and credentials.
- Production symptom (often without a traceback): As discussed in #851, in certain cloud environments the database password changes periodically. Therefore a long-lived pool must have a mechanism to update the connection details.
Proof / Evidence
- GitHub issue: #1042
- Fix PR: https://github.com/psycopg/psycopg/pull/1167
- Reproduced locally: No (not executed)
- Last verified: 2026-02-11
- Confidence: 0.70
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.66
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“FWIW, I subclassed AsyncConnection into my own IAMTokenAsyncConnection class to take care of this. No need to restart my service. I'm using AWS”
Failure Signature (Search String)
- As discussed in #851, in certain cloud environments the database password changes periodically. Therefore a long-lived pool must have a mechanism to update the connection details.
Error Message
Signature-only (no traceback captured)
Minimal Reproduction
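from psycopg import AsyncConnection


class IAMTokenAsyncConnection(AsyncConnection):
    @classmethod
    async def connect(cls, conninfo: str = "", **kwargs) -> AsyncConnection:
        # The helper below is a placeholder for your own function: it returns
        # a connection string with refreshed credentials when they are needed.
        return await super().connect(
            your_custom_method_that_gets_new_conn_str_w_updated_credentials_if_needed(conninfo),
            **kwargs,
        )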
What Broke
Connections fail to authenticate after credentials change, leading to service outages.
Why It Broke
The connection pool does not support dynamic updates of connection strings and credentials.
Fix Options (Details)
Option A — Apply the official fix
Introduces a way to update connection pool credentials by allowing the connection string and kwargs to be specified as callables.
Fix reference: https://github.com/psycopg/psycopg/pull/1167
Last verified: 2026-02-11. Validate in your environment.
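An added example (not code from psycopg or from the issue thread) of a callable that could be supplied as the pool's connection string: it caches a short-lived secret, refreshes it before expiry, and quotes it so a secret containing spaces or quotes cannot add extra conninfo keywords. The class and helper names, host and token values are constructed, and the zero-argument call signature is an assumption.

```python
import threading
import time
from typing import Callable, Tuple


def quote_value(value: str) -> str:
    """Quote a libpq conninfo value so spaces or quotes inside a secret
    cannot end the value early and add extra keywords (e.g. sslmode)."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


class RotatingConninfo:
    """Zero-argument callable returning a conninfo string with a fresh secret."""

    def __init__(self, base: dict, fetch_secret: Callable[[], Tuple[str, float]],
                 margin: float = 60.0, clock: Callable[[], float] = time.monotonic):
        self._base = dict(base)
        self._fetch = fetch_secret     # returns (secret, lifetime in seconds)
        self._margin = margin          # refresh this long before expiry
        self._clock = clock
        self._lock = threading.Lock()  # pool workers may call concurrently
        self._secret = None
        self._expires_at = 0.0

    def __call__(self) -> str:
        with self._lock:
            now = self._clock()
            if self._secret is None or now >= self._expires_at - self._margin:
                secret, lifetime = self._fetch()
                self._secret, self._expires_at = secret, now + lifetime
            params = dict(self._base, password=self._secret)
        return " ".join(f"{k}={quote_value(str(v))}" for k, v in params.items())

    def __repr__(self) -> str:         # keep the secret out of logs and tracebacks
        return f"RotatingConninfo(keys={sorted(self._base)})"


def make_fake_fetcher():
    """Constructed stand-in for a cloud token API: 900-second tokens."""
    calls = []

    def fetch():
        calls.append(1)
        return f"tok en'{len(calls)}", 900.0
    return fetch, calls

# Assumed usage with a pool that accepts a callable connection string:
#     pool = ConnectionPool(conninfo=RotatingConninfo(base, fetch))
```

Keep the refresh margin longer than the pool's connection timeout so an attempt never starts with a secret that expires mid-handshake.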
When NOT to Use This Fix
- This fix is not suitable for environments where connection strings should remain static.
Verify Fix
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Prevention
- Track RSS + object counts after deployments; alert on monotonic growth and GC pressure.
- Add a long-running test that repeats the failing call path and asserts stable memory.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.