Secure Database Connection with AI Prompts

TL;DR

Database connections need SSL to encrypt data in transit, connection pooling for efficiency, and proper credential handling. These prompts help you configure secure connections for PostgreSQL, MySQL, and managed databases like Supabase or PlanetScale.

Enable SSL/TLS Connection

Use this prompt to add SSL/TLS encryption to your database connection. Your AI will configure SSL parameters in both your connection string and client library, set up CA certificate handling, and explain the differences between require, verify-ca, and verify-full modes.

AI Prompt

Configure SSL Connection

Configure my database connection to use SSL/TLS.

Database: PostgreSQL/MySQL/MongoDB
Client library: pg/mysql2/prisma/mongoose
Environment: Development/Production

Current connection (insecure): DATABASE_URL="postgresql://user:pass@host:5432/db"

Help me:

  1. Add SSL parameters to the connection string
  2. Configure SSL in the client library options
  3. Handle CA certificates if required
  4. Set up different SSL modes for dev vs prod

SSL modes to explain:

  • require: Encrypt the connection but don't verify the server certificate
  • verify-ca: Verify that the server certificate is signed by a trusted CA
  • verify-full: Verify the CA and that the hostname matches the certificate

Show both connection string and programmatic configuration.

Connection Pooling

Copy this prompt to configure database connection pooling for your platform. Your AI will set up min/max pool sizes, timeout settings, health checks, and serverless-specific configuration using external poolers like PgBouncer.

AI Prompt

Set Up Connection Pool

Configure connection pooling for my database.

Platform: Node.js/Python/Go
Database: PostgreSQL/MySQL
Environment: Serverless/Traditional server

Help me configure:

  1. Pool size (min/max connections)
  2. Connection timeout settings
  3. Idle connection timeout
  4. Connection validation/health checks

For serverless (Vercel, Lambda):

  • Use external pooler (PgBouncer, Supabase pooler)
  • Configure for short-lived connections
  • Handle connection limits properly

Show configuration for my specific setup:

  • Library-specific pool settings
  • Environment variable configuration
  • Graceful shutdown handling

Credential Management

This prompt asks your AI to move database credentials out of code and into environment variables. You'll get per-environment credential setup, secrets manager integration options, and guidance on safely parsing connection URLs with special characters.

AI Prompt

Secure Credentials

Help me secure my database credentials.

Current issues:

  • Credentials in code or config files
  • Same credentials for all environments
  • No credential rotation

Set up:

  1. Environment variable configuration
  2. Different credentials per environment
  3. Secrets manager integration (optional)

For managed databases:

  • Supabase: connection pooler setup
  • PlanetScale: branch-specific credentials
  • Neon: connection string with pooling

Show how to:

  • Parse DATABASE_URL correctly
  • Avoid logging credentials
  • Handle special characters in passwords
  • Set up read replicas separately

Never disable SSL in production: Without SSL, database credentials and data are sent in plain text. Anyone on the network can intercept them. Always require SSL for production databases.
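The DATABASE_URL handling that the Credential Management prompt asks for (parsing, special characters in passwords, log-safe output), as an added example that is not code from the original page. The function names, hostname and password are constructed for illustration.

```javascript
// Added example (not from the original page). Function names and the sample
// values below are constructed for illustration.

// Build a URL from parts, percent-encoding the fields that may hold
// reserved characters such as @ / # : ? in a password.
function buildDatabaseUrl({ protocol, user, password, host, port, database }) {
  const auth = `${encodeURIComponent(user)}:${encodeURIComponent(password)}`;
  return `${protocol}://${auth}@${host}:${port}/${encodeURIComponent(database)}`;
}

// Parse DATABASE_URL into driver-style fields. URL keeps userinfo
// percent-encoded, so decode before handing the values to a client library.
function parseDatabaseUrl(raw) {
  const u = new URL(raw);
  return {
    protocol: u.protocol.replace(/:$/, ""),
    user: decodeURIComponent(u.username),
    password: decodeURIComponent(u.password),
    host: u.hostname,
    port: u.port ? Number(u.port) : undefined,
    database: decodeURIComponent(u.pathname.replace(/^\//, "")),
    params: Object.fromEntries(u.searchParams),
  };
}

// Log-safe form: the same URL with the password replaced.
function redactDatabaseUrl(raw) {
  try {
    const u = new URL(raw);
    if (u.password) u.password = "REDACTED";
    return u.toString();
  } catch {
    // An unparseable value may still contain the secret: never echo it.
    return "[unparseable DATABASE_URL]";
  }
}

// Constructed sample: a password containing URL-reserved characters.
const sample = {
  protocol: "postgresql", user: "app_user", password: "p@ss/w#rd:1",
  host: "db.example.internal", port: 5432, database: "appdb",
};
const encodedUrl = buildDatabaseUrl(sample);
// Pasting the raw password instead still parses, but with the wrong host.
const naiveUrl = "postgresql://app_user:p@ss/w#rd:1@db.example.internal:5432/appdb";

console.log(redactDatabaseUrl(encodedUrl));
console.log(parseDatabaseUrl(naiveUrl).host);
```

The unencoded URL does not raise an error: the parser ends the host at the first reserved character, so validate the parsed host against the one you expect before connecting.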

Network Security

Use this prompt to lock down your database's network access. Your AI will configure IP allowlists, private networking, firewall rules, and least-privilege database users for your specific hosting platform.

AI Prompt

Database Network Security

Review and improve my database network security.

Current setup:

  • Database is publicly accessible
  • No IP allowlist configured
  • Using default port

Help me:

  1. Configure IP allowlist for my hosting provider
  2. Set up private networking if available
  3. Change default ports (optional)
  4. Configure firewall rules

For specific platforms:

  • Vercel: Configure trusted IPs
  • Railway/Render: Set up private networking
  • AWS RDS: Security groups and VPC
  • Supabase: Connection restrictions

Also check:

  • Database user permissions (principle of least privilege)
  • Separate read-only users for analytics
  • Application-specific database users

Pro tip: Use a connection pooler like PgBouncer or Supabase's built-in pooler for serverless environments. Direct connections from serverless functions can quickly exhaust database connection limits.

Why do I get SSL certificate errors?

Your client might not trust the database's CA certificate. For managed databases, use their provided CA bundle. For self-signed certificates, you may need to add them to your trust store or use "rejectUnauthorized: false", which silences the error by turning off certificate verification (not recommended for production).
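The three SSL modes from the SSL prompt and the rejectUnauthorized setting from this answer, expressed as Node.js TLS options together with a small audit of the connection string. This is an added example, not code from the original page or from any driver; the function names and the production policy are assumptions.

```javascript
// Added example (not from the original page). Function names are hypothetical;
// the mapping follows the mode descriptions above, not a specific driver.

// Translate an sslmode into options for Node's tls.connect().
function tlsOptionsForMode(mode, caPem) {
  switch (mode) {
    case "require":
      // Encrypted, but any certificate is accepted.
      return { rejectUnauthorized: false };
    case "verify-ca":
      // Chain must validate against caPem; the hostname check is skipped.
      return { rejectUnauthorized: true, ca: caPem, checkServerIdentity: () => undefined };
    case "verify-full":
      // Chain and hostname are both checked (Node's default identity check).
      return { rejectUnauthorized: true, ca: caPem };
    default:
      throw new Error(`sslmode "${mode}" does not enforce TLS`);
  }
}

// Policy assumed for this example: TLS must always be enforced, and
// production must also verify the server certificate.
function auditConnection(databaseUrl, env) {
  const mode = new URL(databaseUrl).searchParams.get("sslmode");
  const findings = [];
  if (!["require", "verify-ca", "verify-full"].includes(mode)) {
    findings.push("TLS not enforced: credentials and data may cross the network in plain text");
  } else if (mode === "require" && env === "production") {
    findings.push("sslmode=require encrypts but does not verify the server certificate");
  }
  return { mode, ok: findings.length === 0, findings };
}

// Constructed inputs: the page's insecure URL, then variants with sslmode.
const base = "postgresql://user:pass@host:5432/db";
for (const [url, env] of [
  [base, "production"],
  [`${base}?sslmode=require`, "development"],
  [`${base}?sslmode=require`, "production"],
  [`${base}?sslmode=verify-full`, "production"],
]) {
  // Print the mode and findings only, never the URL with its credentials.
  const { mode, ok, findings } = auditConnection(url, env);
  console.log(env, mode, ok ? "ok" : findings.join("; "));
}
```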

How many connections should my pool have?

Start with 5-10 connections for most applications. The formula (cores * 2) + spindle_count is often cited. For serverless, use an external pooler and keep individual function pools small (1-2).
