Tenant Credentials and DSN Template

Each tenant in SPG99 has a shared set of PostgreSQL credentials and a connection string template.

What is issued

• pg_user
• pg_password
• dsn_template

A typical dsn_template looks like this:

postgres://<pg_user>:<pg_password>@<gateway-host>:5432/<db-name>?sslmode=require

How to use it

1. Substitute the real database name instead of <db-name>.
2. Make sure you use the Gateway host, not an internal worker.
3. Keep sslmode=require at minimum.

Example of the final DSN:

postgres://tnt_xxxxx:secret@pg.spg99.ru:5432/app?sslmode=require

What is important architecturally

Gateway works through a managed model of client credentials and certificates. For the user, that means a transparent access scheme: you connect to PostgreSQL with the tenant credentials issued by the platform, without needing to know internal backend logins or service routes.

What you should not do

• do not put an API key into the DSN;
• do not store pg_password in an open git repository;
• do not send DSNs through insecure channels.

Practical conclusion

These tenant credentials are the main entry point to all databases in the tenant. They must be saved right away and used consistently across all applications and environments.