All posts
September 5, 20252 min read

Air-gapped deployment of pgcli

The server room was silent, except for the hum of machines with no open ports to the outside world. That’s where we needed to run pgcli—fast, safe, and without the internet. Air-gapped deployment of pgcli isn’t difficult if you know the exact steps. The challenge is making it fully self-contained so it can run in a network-isolated environment. No hidden dependencies. No surprise connections. Only clean, reproducible work. Why Air-Gapping pgcli Matters Air-gapping keeps critical systems shie

Free White Paper

DPoP (Demonstration of Proof-of-Possession) + Deployment Approval Gates: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Andrios Robert

The server room was silent, except for the hum of machines with no open ports to the outside world. That’s where we needed to run pgcli—fast, safe, and without the internet.

Air-gapped deployment of pgcli isn’t difficult if you know the exact steps. The challenge is making it fully self-contained so it can run in a network-isolated environment. No hidden dependencies. No surprise connections. Only clean, reproducible work.

Why Air-Gapping pgcli Matters

Air-gapping keeps critical systems shielded from outside threats. In regulated environments, this isn’t optional—it’s policy. Tools like pgcli make navigating PostgreSQL faster and more productive, but installing them directly from the internet violates the air-gap principle. You need a repeatable way to bring pgcli into that dark network without breaking the wall.

Step 1: Package Everything Outside the Firewall

On a connected machine, prepare a Python virtual environment. Install pgcli and its dependencies there:

pip install pgcli

Then freeze the dependency list:

pip freeze > requirements.txt

Download every package:

pip download -r requirements.txt

This produces a directory of .whl and .tar.gz files with no external links required.

Continue reading? Get the full guide.

DPoP (Demonstration of Proof-of-Possession) + Deployment Approval Gates: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Step 2: Move the Package Set Inside

Transfer those files using approved media—usually encrypted drives or controlled USB devices. Inside the air-gapped network, create the same Python environment:

python -m venv venv
source venv/bin/activate

Then install from the local directory:

pip install --no-index --find-links /path/to/wheels pgcli

Now pgcli runs without ever touching the internet.

Step 3: Verify and Lock the Build

Test basic commands:

pgcli --help

Run queries against a non-production database to confirm no external dependencies remain. Save this build artifact and process for future deployments. You want the same result every time without drift.

Step 4: Maintain in Parallel

When you need updates, repeat the process on a connected system. Always test offline before rolling into production. Keep a changelog so you know exactly which pgcli versions are deployed in which environments.

Air-Gapped Tools That Work in Minutes

Air-gapped deployments succeed when complexity is removed, not added. The process above works, but the setup and updates can take time. Platforms like hoop.dev make it possible to see tools like pgcli live and running in minutes, even in tightly controlled environments. Configure once, deploy anywhere, stay compliant, and stay fast.

Get pgcli working in your air-gapped world without friction—see it live with hoop.dev today.

Get started

See hoop.dev in action

One gateway for every database, container, and AI agent. Deploy in minutes.

Get a demoMore posts