TL;DR
Database connections need SSL to encrypt data in transit, connection pooling for efficiency, and proper credential handling. These prompts help you configure secure connections for PostgreSQL, MySQL, and managed databases like Supabase or PlanetScale.
Enable SSL/TLS Connection
Configure my database connection to use SSL/TLS.
Database: PostgreSQL/MySQL/MongoDB Client library: pg/mysql2/prisma/mongoose Environment: Development/Production
Current connection (insecure): DATABASE_URL="postgresql://user:pass@host:5432/db"
Help me:
- Add SSL parameters to the connection string
- Configure SSL in the client library options
- Handle CA certificates if required
- Set up different SSL modes for dev vs prod
SSL modes to explain:
- require: Encrypt but don't verify certificate
- verify-ca: Verify the CA certificate
- verify-full: Verify CA and hostname
Show both connection string and programmatic configuration.
Connection Pooling
Configure connection pooling for my database.
Platform: Node.js/Python/Go Database: PostgreSQL/MySQL Environment: Serverless/Traditional server
Help me configure:
- Pool size (min/max connections)
- Connection timeout settings
- Idle connection timeout
- Connection validation/health checks
For serverless (Vercel, Lambda):
- Use external pooler (PgBouncer, Supabase pooler)
- Configure for short-lived connections
- Handle connection limits properly
Show configuration for my specific setup:
- Library-specific pool settings
- Environment variable configuration
- Graceful shutdown handling
Credential Management
Help me secure my database credentials.
Current issues:
- Credentials in code or config files
- Same credentials for all environments
- No credential rotation
Set up:
- Environment variable configuration
- Different credentials per environment
- Secrets manager integration (optional)
For managed databases:
- Supabase: connection pooler setup
- PlanetScale: branch-specific credentials
- Neon: connection string with pooling
Show how to:
- Parse DATABASE_URL correctly
- Avoid logging credentials
- Handle special characters in passwords
- Set up read replicas separately
Never disable SSL in production: Without SSL, database credentials and data are sent in plain text. Anyone on the network can intercept them. Always require SSL for production databases.
Network Security
Review and improve my database network security.
Current setup:
- Database is publicly accessible
- No IP allowlist configured
- Using default port
Help me:
- Configure IP allowlist for my hosting provider
- Set up private networking if available
- Change default ports (optional)
- Configure firewall rules
For specific platforms:
- Vercel: Configure trusted IPs
- Railway/Render: Set up private networking
- AWS RDS: Security groups and VPC
- Supabase: Connection restrictions
Also check:
- Database user permissions (principle of least privilege)
- Separate read-only users for analytics
- Application-specific database users
Pro tip: Use a connection pooler like PgBouncer or Supabase's built-in pooler for serverless environments. Direct connections from serverless functions can quickly exhaust database connection limits.
Why do I get SSL certificate errors?
Your client might not trust the database's CA certificate. For managed databases, use their provided CA bundle. For self-signed certificates, you may need to add them to your trust store or use "rejectUnauthorized: false" (not recommended for production).
How many connections should my pool have?
Start with 5-10 connections for most applications. The formula (cores * 2) + spindle_count is often cited. For serverless, use an external pooler and keep individual function pools small (1-2).