DEV Community

Cover image for We stopped giving AI agents database passwords
developerz.ai
developerz.ai

Posted on

We stopped giving AI agents database passwords

Every "connect your AI agent to a database" tutorial ends the same
way: paste a connection string into a config file. That string now lives on a laptop, in shell history, maybe in a Slack DM to unblock someone on a Friday.

We didn't want that for our own team, so we built db-mcp-gateway a
self-hosted MCP server that sits between agents and databases. The
agent never holds a credential. It authenticates via SSO, the gateway
maps that identity to a YAML-defined grant, and the query runs under
least privilege with a row cap and a statement timeout.

What I want to cover in this post:

  • why "just use a read replica" doesn't solve the audit problem
  • the three design pillars we didn't compromise on (credentials never leave the gateway, identity end-to-end, config-as-code)
  • what we deliberately left out (there's no admin UI that's on purpose)

Full writeup + a real docker pull you can run in five minutes:
https://github.com/developerz-ai/db-mcp-gateway

Tags: #mcp #ai #security #postgresql

Top comments (0)