diff --git a/src/charm.py b/src/charm.py
index b6b837bf4e..ba46ee1e3b 100755
--- a/src/charm.py
+++ b/src/charm.py
@@ -1260,7 +1260,9 @@ def _on_set_password(self, event: ActionEvent) -> None:  # noqa: C901
             event.fail("The action can be run only on leader unit")
             return
 
-        username = event.params.get("username", USER)
+        if not (username := event.params.get("username")):
+            event.fail("The action requires a username")
+            return
         if username not in SYSTEM_USERS and self.is_ldap_enabled:
             event.fail("The action can be run only for system users when LDAP is enabled")
             return
diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py
index c169047fd0..fb85d337bf 100644
--- a/tests/unit/test_charm.py
+++ b/tests/unit/test_charm.py
@@ -393,14 +393,16 @@ def test_on_set_password(harness):
         patch("charm.PostgresqlOperatorCharm.postgresql") as _postgresql,
         patch("charm.Patroni.are_all_members_ready") as _are_all_members_ready,
         patch("charm.PostgresqlOperatorCharm._on_leader_elected"),
+        patch("charm.new_password", return_value="newpass"),
     ):
         # Create a mock event.
         mock_event = MagicMock(params={})
 
         # Set some values for the other mocks.
-        _are_all_members_ready.side_effect = [False, True, True, True, True]
-        _postgresql.update_user_password = PropertyMock(
-            side_effect=[PostgreSQLUpdateUserPasswordError, None, None, None]
+        _are_all_members_ready.return_value = False
+        _postgresql.update_user_password = PropertyMock()
+        _postgresql.update_user_password.return_value.side_effect = (
+            PostgreSQLUpdateUserPasswordError
         )
 
         # Test trying to set a password through a non leader unit.
@@ -424,20 +426,25 @@ def test_on_set_password(harness):
         _set_secret.assert_not_called()
 
         # Test for an error updating when updating the user password in the database.
+        _are_all_members_ready.return_value = True
         mock_event.reset_mock()
         harness.charm._on_set_password(mock_event)
         mock_event.fail.assert_called_once()
         _set_secret.assert_not_called()
 
         # Test without providing the username option.
+        _postgresql.update_user_password.return_value.side_effect = None
+        mock_event.reset_mock()
         harness.charm._on_set_password(mock_event)
-        assert _set_secret.call_args_list[0][0][1] == "operator-password"
+        mock_event.fail.assert_called_once()
+        _set_secret.assert_not_called()
 
         # Also test providing the username option.
+        mock_event.reset_mock()
         _set_secret.reset_mock()
         mock_event.params["username"] = "replication"
         harness.charm._on_set_password(mock_event)
-        assert _set_secret.call_args_list[0][0][1] == "replication-password"
+        _set_secret.assert_called_once_with("app", "replication-password", "newpass")
 
         # And test providing both the username and password options.
         _set_secret.reset_mock()