Skip to content
Latchkey

Prisma "P1000: Authentication failed against database server" in CI

P1000 means the server was reachable but rejected the credentials. In CI the username or password in DATABASE_URL does not match what the database service container was configured with.

What this error means

Prisma fails with "P1000: Authentication failed against database server at localhost, the provided database credentials for postgres are not valid."

Prisma
Error: P1000: Authentication failed against database server at `localhost`, the provided database credentials for `postgres` are not valid.

Please make sure to provide valid database credentials for the database server at `localhost`.

Common causes

URL credentials do not match the service env

The service was started with one password and DATABASE_URL uses another, so authentication is rejected.

Special characters not URL-encoded in the password

A password with @, :, or / that is not percent-encoded breaks the URL and sends wrong credentials.

How to fix it

Match the URL to the service credentials

  1. Set the same user and password in the service env and in DATABASE_URL.
  2. Keep them in one place (a secret) so they cannot drift.
  3. Re-run once they agree.
.github/workflows/ci.yml
services:
  postgres:
    image: postgres:16
    env:
      POSTGRES_USER: appuser
      POSTGRES_PASSWORD: apppass
# DATABASE_URL=postgresql://appuser:apppass@localhost:5432/app

URL-encode special characters

Percent-encode reserved characters in the password so the connection string parses correctly.

Terminal
# password "p@ss/word" becomes:
DATABASE_URL=postgresql://appuser:p%40ss%2Fword@localhost:5432/app

How to prevent it

  • Define credentials once and reference them in both places.
  • URL-encode any special characters in the password.
  • Store the full connection string as a single secret.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →