> One obvious solution was to use .pgpass but it does not appeal me
> because it is again a security threat.
> any pointers or help may lead to unlocked secret.
.pgpass is the only way to do it that is NOT a security threat.
You can set PGUSER and PGPASSWORD environmental variables, but they are
easily readable from other processes.
I suggest allowing the 'postgres' user to connect with 'ident sameuser'
in pg_hba.conf from the localhost only, then always just run pg_dump as
'postgres'.
Chris