Used for configuration management, storing database credentials, SSH tunnel settings, and RDS connection information in a secure location outside the repository.
Required runtime environment for the MCP server, specifically version 24 or higher.
Required package manager for installing dependencies and building the MCP server.
Provides read-only access to PostgreSQL databases through tools for executing queries, listing tables, describing schemas, analyzing data quality, finding relationships, and generating query execution plans.
PostgreSQL Read-Only MCP Server
A secure MCP (Model Context Protocol) server that provides read-only access to PostgreSQL databases through an SSH tunnel.
Features
Secure SSH Tunnel: Connects to PostgreSQL through encrypted SSH tunnel
Read-Only Enforcement: All queries run in read-only transactions
Connection Pooling: Efficient database connection management
Query Timeout: 15-second timeout for all operations
Comprehensive Tools: Query, list tables, describe schemas, analyze data
Related MCP server: Simple PostgreSQL MCP Server
Configuration
Copy the example configuration file:
cp .env.example ~/.pg_mcp/.envEdit
~/.pg_mcp/.envwith your credentials:# PostgreSQL Database Configuration POSTGRES_DB=your_database POSTGRES_USER=readonly_user POSTGRES_PASSWORD=your_password # SSH Tunnel Configuration SSH_HOST=your-ec2-instance.amazonaws.com SSH_USER=ec2-user SSH_KEY_PATH=/path/to/ssh/key # RDS Configuration RDS_HOST=your-database.rds.amazonaws.comCreate a read-only database user:
CREATE USER readonly_mcp WITH PASSWORD 'secure_password'; GRANT CONNECT ON DATABASE your_database TO readonly_mcp; GRANT USAGE ON SCHEMA public TO readonly_mcp; GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly_mcp; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly_mcp;
Installation
Usage
Start the MCP server:
For development mode with hot reload:
Available MCP Tools
postgres_query: Execute read-only SQL queriespostgres_list_tables: List all tables with optional row countspostgres_describe_table: Get detailed schema informationpostgres_analyze_table: Analyze table for data quality issuespostgres_find_related: Find foreign key relationshipspostgres_explain_query: Get query execution plans
SSH Tunnel Management
The server implements a shared SSH tunnel system:
Multiple instances share a single tunnel
Reference counting prevents premature closure
Automatic reconnection on failure
Lock files in
/tmp/pg_mcp_tunnel/
Monitor tunnel status:
Security
All queries validated for read-only operations
Enforced read-only transactions
15-second query timeout
SSH encryption for all connections
Credentials stored outside repository
Requirements
Node.js v24+
pnpm package manager
PostgreSQL database
SSH access to database server