Used for configuration management, storing database credentials, SSH tunnel settings, and RDS connection information in a secure location outside the repository.
Required runtime environment for the MCP server, specifically version 24 or higher.
Required package manager for installing dependencies and building the MCP server.
Provides read-only access to PostgreSQL databases through tools for executing queries, listing tables, describing schemas, analyzing data quality, finding relationships, and generating query execution plans.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@PostgreSQL Read-Only MCP Servershow me the top 10 customers by total purchases"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
PostgreSQL Read-Only MCP Server
A secure MCP (Model Context Protocol) server that provides read-only access to PostgreSQL databases through an SSH tunnel.
Features
Secure SSH Tunnel: Connects to PostgreSQL through encrypted SSH tunnel
Read-Only Enforcement: All queries run in read-only transactions
Connection Pooling: Efficient database connection management
Query Timeout: 15-second timeout for all operations
Comprehensive Tools: Query, list tables, describe schemas, analyze data
Related MCP server: Simple PostgreSQL MCP Server
Configuration
Copy the example configuration file:
cp .env.example ~/.pg_mcp/.envEdit
~/.pg_mcp/.envwith your credentials:# PostgreSQL Database Configuration POSTGRES_DB=your_database POSTGRES_USER=readonly_user POSTGRES_PASSWORD=your_password # SSH Tunnel Configuration SSH_HOST=your-ec2-instance.amazonaws.com SSH_USER=ec2-user SSH_KEY_PATH=/path/to/ssh/key # RDS Configuration RDS_HOST=your-database.rds.amazonaws.comCreate a read-only database user:
CREATE USER readonly_mcp WITH PASSWORD 'secure_password'; GRANT CONNECT ON DATABASE your_database TO readonly_mcp; GRANT USAGE ON SCHEMA public TO readonly_mcp; GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly_mcp; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly_mcp;
Installation
pnpm install
pnpm run buildUsage
Start the MCP server:
./start_mcp.shFor development mode with hot reload:
./start_mcp.sh devAvailable MCP Tools
postgres_query: Execute read-only SQL queriespostgres_list_tables: List all tables with optional row countspostgres_describe_table: Get detailed schema informationpostgres_analyze_table: Analyze table for data quality issuespostgres_find_related: Find foreign key relationshipspostgres_explain_query: Get query execution plans
SSH Tunnel Management
The server implements a shared SSH tunnel system:
Multiple instances share a single tunnel
Reference counting prevents premature closure
Automatic reconnection on failure
Lock files in
/tmp/pg_mcp_tunnel/
Monitor tunnel status:
./check_tunnel.shSecurity
All queries validated for read-only operations
Enforced read-only transactions
15-second query timeout
SSH encryption for all connections
Credentials stored outside repository
Requirements
Node.js v24+
pnpm package manager
PostgreSQL database
SSH access to database server
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.