Used for configuration management, storing database credentials, SSH tunnel settings, and RDS connection information in a secure location outside the repository.
Required runtime environment for the MCP server, specifically version 24 or higher.
Required package manager for installing dependencies and building the MCP server.
Provides read-only access to PostgreSQL databases through tools for executing queries, listing tables, describing schemas, analyzing data quality, finding relationships, and generating query execution plans.
PostgreSQL Read-Only MCP Server
A secure MCP (Model Context Protocol) server that provides read-only access to PostgreSQL databases through an SSH tunnel.
Features
- Secure SSH Tunnel: Connects to PostgreSQL through encrypted SSH tunnel
- Read-Only Enforcement: All queries run in read-only transactions
- Connection Pooling: Efficient database connection management
- Query Timeout: 15-second timeout for all operations
- Comprehensive Tools: Query, list tables, describe schemas, analyze data
Configuration
- Copy the example configuration file:
- Edit
~/.pg_mcp/.env
with your credentials: - Create a read-only database user:
Installation
Usage
Start the MCP server:
For development mode with hot reload:
Available MCP Tools
postgres_query
: Execute read-only SQL queriespostgres_list_tables
: List all tables with optional row countspostgres_describe_table
: Get detailed schema informationpostgres_analyze_table
: Analyze table for data quality issuespostgres_find_related
: Find foreign key relationshipspostgres_explain_query
: Get query execution plans
SSH Tunnel Management
The server implements a shared SSH tunnel system:
- Multiple instances share a single tunnel
- Reference counting prevents premature closure
- Automatic reconnection on failure
- Lock files in
/tmp/pg_mcp_tunnel/
Monitor tunnel status:
Security
- All queries validated for read-only operations
- Enforced read-only transactions
- 15-second query timeout
- SSH encryption for all connections
- Credentials stored outside repository
Requirements
- Node.js v24+
- pnpm package manager
- PostgreSQL database
- SSH access to database server
This server cannot be installed
A secure MCP server that enables querying PostgreSQL databases through an SSH tunnel with enforced read-only access, connection pooling, and comprehensive data exploration tools.
Related MCP Servers
- -securityAlicense-qualityAn MCP server that connects to Supabase PostgreSQL databases, exposing table schemas as resources and providing tools for data analysis through SQL queries.Last updated -JavaScriptMIT License
- -securityFlicense-qualityA server implementing the Model Context Protocol (MCP) for Cursor that allows using a PostgreSQL database as storage for model contexts, enabling secure database exploration and querying.Last updated -JavaScript
- -securityAlicense-qualityA template project for building custom MCP servers that enables direct access to PostgreSQL databases, allowing SQL query execution and schema information retrieval through the Model Context Protocol.Last updated -3PythonMIT License
- -security-license-qualityAn MCP server that allows working with MySQL databases by providing tools for executing read-only SQL queries, getting table schemas, and listing database tables.Last updated -1JavaScript