[{"data":1,"prerenderedAt":422},["ShallowReactive",2],{"blog-prompts/secure-database-connection":3},{"id":4,"title":5,"body":6,"category":401,"date":402,"dateModified":403,"description":404,"draft":405,"extension":406,"faq":407,"featured":405,"headerVariant":408,"image":407,"keywords":407,"meta":409,"navigation":410,"ogDescription":411,"ogTitle":407,"path":412,"readTime":407,"schemaOrg":413,"schemaType":414,"seo":415,"sitemap":416,"stem":417,"tags":418,"twitterCard":420,"__hash__":421},"blog/blog/prompts/secure-database-connection.md","Secure Database Connection with AI Prompts",{"type":7,"value":8,"toc":391},"minimark",[9,16,21,24,86,90,93,157,161,164,228,238,242,245,312,321,337,341,344,365,379],[10,11,12],"tldr",{},[13,14,15],"p",{},"Database connections need SSL to encrypt data in transit, connection pooling for efficiency, and proper credential handling. These prompts help you configure secure connections for PostgreSQL, MySQL, and managed databases like Supabase or PlanetScale.",[17,18,20],"h2",{"id":19},"enable-ssltls-connection","Enable SSL/TLS Connection",[13,22,23],{},"Use this prompt to add SSL/TLS encryption to your database connection. Your AI will configure SSL parameters in both your connection string and client library, set up CA certificate handling, and explain the differences between require, verify-ca, and verify-full modes.",[25,26,28,31,46,49,52,68,71,83],"prompt-box",{"title":27},"Configure SSL Connection",[13,29,30],{},"Configure my database connection to use SSL/TLS.",[13,32,33,34,38,39,42,43],{},"Database: ",[35,36,37],"span",{},"PostgreSQL/MySQL/MongoDB","\nClient library: ",[35,40,41],{},"pg/mysql2/prisma/mongoose","\nEnvironment: ",[35,44,45],{},"Development/Production",[13,47,48],{},"Current connection (insecure):\nDATABASE_URL=\"postgresql://user:pass@host:5432/db\"",[13,50,51],{},"Help me:",[53,54,55,59,62,65],"ol",{},[56,57,58],"li",{},"Add SSL parameters to the connection string",[56,60,61],{},"Configure SSL in the client library options",[56,63,64],{},"Handle CA certificates if required",[56,66,67],{},"Set up different SSL modes for dev vs prod",[13,69,70],{},"SSL modes to explain:",[72,73,74,77,80],"ul",{},[56,75,76],{},"require: Encrypt but don't verify certificate",[56,78,79],{},"verify-ca: Verify the CA certificate",[56,81,82],{},"verify-full: Verify CA and hostname",[13,84,85],{},"Show both connection string and programmatic configuration.",[17,87,89],{"id":88},"connection-pooling","Connection Pooling",[13,91,92],{},"Copy this prompt to configure database connection pooling for your platform. Your AI will set up min/max pool sizes, timeout settings, health checks, and serverless-specific configuration using external poolers like PgBouncer.",[25,94,96,99,112,115,129,132,143,146],{"title":95},"Set Up Connection Pool",[13,97,98],{},"Configure connection pooling for my database.",[13,100,101,102,105,106,42,109],{},"Platform: ",[35,103,104],{},"Node.js/Python/Go","\nDatabase: ",[35,107,108],{},"PostgreSQL/MySQL",[35,110,111],{},"Serverless/Traditional server",[13,113,114],{},"Help me configure:",[53,116,117,120,123,126],{},[56,118,119],{},"Pool size (min/max connections)",[56,121,122],{},"Connection timeout settings",[56,124,125],{},"Idle connection timeout",[56,127,128],{},"Connection validation/health checks",[13,130,131],{},"For serverless (Vercel, Lambda):",[72,133,134,137,140],{},[56,135,136],{},"Use external pooler (PgBouncer, Supabase pooler)",[56,138,139],{},"Configure for short-lived connections",[56,141,142],{},"Handle connection limits properly",[13,144,145],{},"Show configuration for my specific setup:",[72,147,148,151,154],{},[56,149,150],{},"Library-specific pool settings",[56,152,153],{},"Environment variable configuration",[56,155,156],{},"Graceful shutdown handling",[17,158,160],{"id":159},"credential-management","Credential Management",[13,162,163],{},"This prompt asks your AI to move database credentials out of code and into environment variables. You'll get per-environment credential setup, secrets manager integration options, and guidance on safely parsing connection URLs with special characters.",[25,165,167,170,173,184,187,197,200,211,214],{"title":166},"Secure Credentials",[13,168,169],{},"Help me secure my database credentials.",[13,171,172],{},"Current issues:",[72,174,175,178,181],{},[56,176,177],{},"Credentials in code or config files",[56,179,180],{},"Same credentials for all environments",[56,182,183],{},"No credential rotation",[13,185,186],{},"Set up:",[53,188,189,191,194],{},[56,190,153],{},[56,192,193],{},"Different credentials per environment",[56,195,196],{},"Secrets manager integration (optional)",[13,198,199],{},"For managed databases:",[72,201,202,205,208],{},[56,203,204],{},"Supabase: connection pooler setup",[56,206,207],{},"PlanetScale: branch-specific credentials",[56,209,210],{},"Neon: connection string with pooling",[13,212,213],{},"Show how to:",[72,215,216,219,222,225],{},[56,217,218],{},"Parse DATABASE_URL correctly",[56,220,221],{},"Avoid logging credentials",[56,223,224],{},"Handle special characters in passwords",[56,226,227],{},"Set up read replicas separately",[229,230,231],"warning-box",{},[13,232,233,237],{},[234,235,236],"strong",{},"Never disable SSL in production:"," Without SSL, database credentials and data are sent in plain text. Anyone on the network can intercept them. Always require SSL for production databases.",[17,239,241],{"id":240},"network-security","Network Security",[13,243,244],{},"Use this prompt to lock down your database's network access. Your AI will configure IP allowlists, private networking, firewall rules, and least-privilege database users for your specific hosting platform.",[25,246,248,251,254,265,267,281,284,298,301],{"title":247},"Database Network Security",[13,249,250],{},"Review and improve my database network security.",[13,252,253],{},"Current setup:",[72,255,256,259,262],{},[56,257,258],{},"Database is publicly accessible",[56,260,261],{},"No IP allowlist configured",[56,263,264],{},"Using default port",[13,266,51],{},[53,268,269,272,275,278],{},[56,270,271],{},"Configure IP allowlist for my hosting provider",[56,273,274],{},"Set up private networking if available",[56,276,277],{},"Change default ports (optional)",[56,279,280],{},"Configure firewall rules",[13,282,283],{},"For specific platforms:",[72,285,286,289,292,295],{},[56,287,288],{},"Vercel: Configure trusted IPs",[56,290,291],{},"Railway/Render: Set up private networking",[56,293,294],{},"AWS RDS: Security groups and VPC",[56,296,297],{},"Supabase: Connection restrictions",[13,299,300],{},"Also check:",[72,302,303,306,309],{},[56,304,305],{},"Database user permissions (principle of least privilege)",[56,307,308],{},"Separate read-only users for analytics",[56,310,311],{},"Application-specific database users",[313,314,315],"tip-box",{},[13,316,317,320],{},[234,318,319],{},"Pro tip:"," Use a connection pooler like PgBouncer or Supabase's built-in pooler for serverless environments. Direct connections from serverless functions can quickly exhaust database connection limits.",[322,323,324,331],"faq-section",{},[325,326,328],"faq-item",{"question":327},"Why do I get SSL certificate errors?",[13,329,330],{},"Your client might not trust the database's CA certificate. For managed databases, use their provided CA bundle. For self-signed certificates, you may need to add them to your trust store or use \"rejectUnauthorized: false\" (not recommended for production).",[325,332,334],{"question":333},"How many connections should my pool have?",[13,335,336],{},"Start with 5-10 connections for most applications. The formula (cores * 2) + spindle_count is often cited. For serverless, use an external pooler and keep individual function pools small (1-2).",[17,338,340],{"id":339},"further-reading","Further Reading",[13,342,343],{},"Want to understand the vulnerability before fixing it? These guides explain what's happening and why.",[72,345,346,353,359],{},[56,347,348],{},[349,350,352],"a",{"href":351},"/blog/vulnerabilities/exposed-api-keys","Understanding exposed API keys",[56,354,355],{},[349,356,358],{"href":357},"/blog/how-to/hide-api-keys","How to hide API keys step-by-step",[56,360,361],{},[349,362,364],{"href":363},"/blog/best-practices/secrets","Secret management best practices",[366,367,368,374],"related-articles",{},[369,370],"related-card",{"description":371,"href":372,"title":373},"Secure credential storage","/blog/prompts/move-to-env-vars","Move to Env Vars",[369,375],{"description":376,"href":377,"title":378},"Data encryption at rest","/blog/prompts/encrypt-sensitive-data","Encrypt Sensitive Data",[380,381,384,388],"cta-box",{"href":382,"label":383},"/","Start Free Scan",[17,385,387],{"id":386},"check-your-database-security","Check Your Database Security",[13,389,390],{},"Scan your connection configuration for security issues.",{"title":392,"searchDepth":393,"depth":393,"links":394},"",2,[395,396,397,398,399,400],{"id":19,"depth":393,"text":20},{"id":88,"depth":393,"text":89},{"id":159,"depth":393,"text":160},{"id":240,"depth":393,"text":241},{"id":339,"depth":393,"text":340},{"id":386,"depth":393,"text":387},"prompts","2026-02-24","2026-03-06","AI prompts to secure your database connection. Enable SSL/TLS, configure connection pooling, and protect credentials in your database setup.",false,"md",null,"cyan",{},true,"AI prompts to configure secure database connections with SSL and pooling.","/blog/prompts/secure-database-connection","[object Object]","BlogPosting",{"title":5,"description":404},{"loc":412},"blog/prompts/secure-database-connection",[419],"Database","summary_large_image","WzYo5S2t6RK80AaisbdaS3wEI8hbFJHku7RcVM3Md8k",1775843938389]