A few weeks ago, we made a decision that made some people on our team nervous: we open-sourced CloudDM completely, with no feature gates, no enterprise edition, no strings attached.
Apache 2.0. Everything included.
⭐ GitHub: https://github.com/ClouGence/open-cdm
In this blog, I want to share what CloudDM actually does, and why we chose to give it all away.
The problem with most database tools
If you've managed database workflows at a growing engineering team, you know how fragmented the tooling gets.
You have one tool for querying (maybe DBeaver or Navicat), another for SQL review (Archery or Yearning), and RBAC for access control. None of them talk to each other. Permissions live in two or more places. The audit trail is incomplete. Every handoff between DBA, developer, and ops is a potential gap.
This is the problem CloudDM was built to solve.
What CloudDM does
CloudDM is a unified database R&D and governance platform. Instead of stitching together four tools, your team gets one platform that handles:
Query.
A web-based console supporting 30+ data sources, including MySQL, PostgreSQL, ClickHouse, Redis, StarRocks, and cloud databases on AWS, Azure, and Alibaba Cloud. Syntax highlighting, query plans, result export, and DDL conversion are supported.
Change management.
A structured workflow for database SQL changes, with a built-in SQL rule engine containing 54 safety rules. Rules can be scoped precisely down to the instance, database, table, or column level. Approval flows integrate with DingTalk, WeCom, and Lark. CI/CD teams can trigger deployments via webhooks, HTTP calls, or Git push.
Access control.
Role-based permissions with granular scoping to instance, database, schema, and table. DDL and DML authorization can be managed separately. Column-level data masking for sensitive fields, with 5 built-in masking rules and support for custom scripts.
Identity and compliance.
SSO support for OpenLDAP, Windows AD, OIDC, DingTalk, WeCom, and Lark. Full operation audit logs and SQL execution audit trails.
Deployment takes under a minute via Docker:
docker run -d --name cgdm-alone -p 8222:8222 bladepipe/cgdm-alone:3.0.7
Standalone and cluster modes are both supported, along with Kubernetes and package-based installation.
Why open-source everything
This is the part I want to be direct about.
Database management tools are different from most software. They sit inside your network. They connect to your production databases. They handle credentials. They touch the most sensitive parts of your infrastructure.
For a lot of teams evaluating tools like this, the question isn't "does it have the features we need?" The first question is: can we trust it?
Open source is the most honest answer to that question. You can read the code. You can audit it. You can run it yourself and know exactly what it does.
We've also seen how "open core" models play out in this space. A tool is free until you need the feature that actually matters (audit logging, SSO, granular permissions), and then you're looking at an enterprise license negotiation. That friction erodes trust too, just in a different way.
So we made a different call. Everything is open. The features that other products charge for, like access control, compliance tools, and SSO, are all included, free, with no usage limits.
Who this is for
CloudDM is built for engineering teams that have outgrown ad-hoc database access. If you're at a point where multiple engineers need access to production databases, SQL changes need review before they hit production, you need an audit trail of who ran what, or you want to enforce access policies without managing them manually, CloudDM is worth looking at.
It's also worth noting: this isn't a side project. CloudDM has been running in production environments and we're committed to maintaining and growing it as an open-source project.
Try it out
If you're evaluating database governance tools, give CloudDM a try. Deployment is genuinely fast, and the full feature set is available from day one.
⭐ GitHub: https://github.com/ClouGence/open-cdm
If you have questions, run into issues, or just want to talk through whether it fits your use case, drop a comment or reach out directly. We're actively building in the open and feedback from real teams shapes where we go next.
Top comments (0)