The file .pgpass in a user's home directory can
   contain passwords to
   be used if the connection requires a password (and no password has been
   specified  otherwise). On Microsoft Windows the file is named
   %APPDATA%\postgresql\pgpass.conf (where
   %APPDATA% refers to the Application Data subdirectory in
   the user's profile).
   Alternatively, a password file can be specified
   using the connection parameter passfile
   or the environment variable PGPASSFILE.
  
This file should contain lines of the following format:
hostname:port:database:username:password
   (You can add a reminder comment to the file by copying the line above and
   preceding it with #.)
   Each of the first four fields can be a literal value, or
   *, which matches anything.  The password field from
   the first line that matches the current connection parameters will be
   used.  (Therefore, put more-specific entries first when you are using
   wildcards.) If an entry needs to contain : or
   \, escape this character with \.
   A host name of localhost matches both TCP (host name
   localhost) and Unix domain socket (pghost empty
   or the default socket directory) connections coming from the local
   machine. In a standby server, a database name of replication
   matches streaming replication connections made to the master server.
   The database field is of limited usefulness because
   users have the same password for all databases in the same cluster.
  
   On Unix systems, the permissions on a password file must
   disallow any access to world or group; achieve this by a command such as
   chmod 0600 ~/.pgpass.  If the permissions are less
   strict than this, the file will be ignored.  On Microsoft Windows, it
   is assumed that the file is stored in a directory that is secure, so
   no special permissions check is made.