Database Credentials

Stable

How tenant PostgreSQL credentials work and what matters when using DSNs.

Updated: March 5, 2026

PostgreSQL access in SPG99 is built around tenant credentials:

pg_user
pg_password
dsn_template

Where they are issued

These values are usually returned:

when a tenant is created;
when /v2/tenants/:tenant/credentials is read again.

What they are for

Only for PostgreSQL connections through Gateway:

postgres://<pg_user>:<pg_password>@<gateway-host>:5432/<db-name>?sslmode=require

What you should not use them for

calling the Control Plane API;
logging in to Console;
storing them in an open repository;
sending them through insecure channels.

Practical advice

save credentials immediately after tenant creation;
store the password in a secret manager;
use different tenants or databases for different environments;
do not confuse DSN secrets and API secrets.

Correct handling of tenant credentials is the foundation of secure connectivity to SPG99.

Why SPG99 Architecture Roadmap Documentation Blog