Connection Strings

A single DSN format for PostgreSQL clients.

DSN (example)

postgres://<pg_user>:<pg_password>@<gateway-host>:5432/<db-name>?sslmode=require

• <gateway-host> — the external PostgreSQL endpoint of the platform (Gateway).
• <pg_user> / <pg_password> — the tenant credentials (the same for all databases inside a tenant).
• <db-name> — the database name inside the tenant.
• sslmode=require — a required parameter (Gateway accepts TLS only).

Where to get the DSN

• When you create tenant, the Control Plane returns pg_user, pg_password, and dsn_template.
• You can also retrieve them again through GET /v2/tenants/<tenant>/credentials (if you have permission).

dsn_template looks like this:

postgres://<pg_user>:<pg_password>@<gateway-host>:5432/<db-name>?sslmode=require

Replace <db-name> with the name of your database.

Important about secrets

• API key ≠ DSN. The API key is used only for CP calls (Console / CLI / API).
• The DSN must contain only pg_user / pg_password. Do not embed the API key into application connection strings.
• Store pg_password in Secret Manager / CI secrets and rotate it according to the procedure (see Security).