The terminal flickers. You connect to a database through Hashicorp Boundary, and Pgcli waits for your command. No exposed credentials. No open network ports. Just a secure, audited path from keyboard to query.
Hashicorp Boundary with Pgcli is a fast, controlled way to run SQL against Postgres without direct network access. Boundary brokers the connection. Pgcli handles the interaction. Together, they remove the need to hand out VPN access or share static passwords. You authenticate to Boundary, it grants a short-lived credential, and Pgcli uses it to open the session. When the TTL expires, the door closes.
This is the workflow:
- Install Hashicorp Boundary and configure it with a Postgres target.
- Create roles and grants so only approved identities can reach the database.
- Use the Boundary CLI to request a session.
- Pipe the session URL into Pgcli. Example:
pgcli "$(boundary connect postgres --target-id ttcp_XYZ)"
- Run queries. Log out. Nothing stays behind.
Using Boundary with Pgcli is not just about runtime security. It centralizes policy. It gives a single point of control for database access. Audit logs track who connected, when, and what was accessed. Short-lived credentials prevent credential sprawl. Pgcli’s familiar interface makes the secure path feel ordinary, so adoption is immediate.
Performance is not impacted. Boundary brokers over TCP, streaming queries with minimal latency. Pgcli autocompletion, syntax highlighting, and result table formatting all work as expected.
When compliance teams ask for proof of secure access, Boundary’s logs deliver. When leadership demands fewer moving parts in ops tooling, this pairing delivers. No environment variables with passwords. No SSH tunnels hacked together. Just one clean handshake, then you’re in.
Deploy it in minutes. See Hashicorp Boundary + Pgcli running instantly with managed environments at hoop.dev.