All posts
August 25, 20222 min read

Access Proxy Pgcli: A Modern Approach to Secure Database Access

When managing databases, ensuring secure and efficient access is a top priority. Whether you're running a PostgreSQL database with critical business data or complex infrastructure supporting multiple teams, tools like pgcli—a Postgres command-line interface—make interacting with your database faster and more intuitive. But accessing databases behind modern cloud architectures often introduces additional layers of complexity. This is where access proxies shine, simplifying secure database connect

Free White Paper

Database Access Proxy + VNC Secure Access: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Andrios Robert

When managing databases, ensuring secure and efficient access is a top priority. Whether you're running a PostgreSQL database with critical business data or complex infrastructure supporting multiple teams, tools like pgcli—a Postgres command-line interface—make interacting with your database faster and more intuitive. But accessing databases behind modern cloud architectures often introduces additional layers of complexity. This is where access proxies shine, simplifying secure database connections without friction.

In this post, we'll explore how access proxies integrate with tools like pgcli, their advantages, and how developers and managers can make database access seamless while maintaining security.

What is an Access Proxy?

An access proxy sits as a middle layer between users and the database, acting as a facilitator for secure connectivity. Instead of directly accessing the database, users connect through this proxy, which enforces authentication, handles access policies, and strengthens security by limiting exposure.

By adopting access proxies, you can:

  1. Centralize and simplify database connection management.
  2. Replace static credentials with temporary tokens for better security.
  3. Log and enforce fine-grained connection access policies transparently.

Why Use pgcli with an Access Proxy?

pgcli enhances the traditional PostgreSQL CLI experience by adding syntax highlighting, auto-completions, and other productivity features. However, in modern environments, dealing with direct database credentials can pose risks. By pairing pgcli with an access proxy, you add secure access controls while retaining a snappy, user-friendly CLI workflow.

Instead of managing raw credentials, an access proxy handles tokenized or temporary authentication. This reduces the risk of data breaches, ensures compliance, and integrates well into a CI/CD pipeline or local developer machine setups.

Setting Up a Secure Pgcli Workflow with an Access Proxy

Let's break this down into easy steps. Here's how you can quickly configure a seamless and secure workflow.

Continue reading? Get the full guide.

Database Access Proxy + VNC Secure Access: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

1. Deploying Your Access Proxy

First, deploy an access proxy designed for your stack. Some proxies work directly with PostgreSQL out-of-the-box. This middleware ensures only authorized requests pass through to the database. Look for the following:

  • Support for modern authentication providers (like OAuth, SAML, or OpenID Connect).
  • Temporary session-based access tokens.
  • Logging for compliance and auditing.

2. Configuring the Proxy to Replace Static Credentials

Access proxies reduce the need to share database credentials. Switch your configuration so that system users, pipelines, or machines authenticate against the proxy, which then grants short-lived tokens for database connections.

3. Connecting Your Pgcli via Proxy

pgcli’s connection string can be updated to point at the access proxy instead of the database directly. A typical example might look like:

pgcli -h your-access-proxy.company.com -p 5432 -U your_user database_name

If the access proxy issues temporary credentials or tokens, ensure your pgcli sessions are properly configured with these up-to-date details. Some proxies also support environment variables for token injection, such as:

export PGPASSWORD=$(fetch_temp_token)
pgcli -h your-access-proxy.company.com -U your_user database_name

With this setup, you gain the sleek features of pgcli but with the added protection of access mediation.

Benefits of This Workflow

By securing pgcli with an access proxy, you make your workflow both intuitive and robust. Here’s why it stands out:

  • Enhanced Security: No more static passwords stored in configuration files.
  • Auditability: Keep track of connection origins and enforce compliance.
  • Access Scalability: Supports dynamic environments where machines, individuals, or microservices need access to multiple connections.
  • Seamless Productivity: Retains the speed and comfort experienced with pgcli.

See Secure Database Connections in Action

Integrating access proxies with tools like pgcli doesn’t have to be complex. Hoop.dev provides an intuitive platform to manage access proxies, offering a seamless setup experience with modern security best practices.

If you're ready to cut credentials from your workflows and elevate your database management, you can see it live and connect your first database in minutes.

Get started

See hoop.dev in action

One gateway for every database, container, and AI agent. Deploy in minutes.

Get a demoMore posts