Access a Postgres Database


In this guide, we'll use Firezone to set up access to a Postgres database. This is useful when you have a Postgres database that you want to keep behind a firewall, but still need to access it from external networks like the internet.

This steps in this guide can be effectively applied to virtually any database or service, not just Postgres.


  • A Site that will contain the Postgres database you want to secure access to. Create a Site if you haven't already.
  • One or more Gateways deployed within the Site. Deploy a Gateway if you don't have any in the Site where this database is located.

We recommend setting up multiple Gateways for load balancing access to high-traffic services like databases. See Deploying multiple Gateways.

Step 1: Create a Resource

  1. In your admin portal, go to Sites -> <site> and click the Add Resource button.
  2. Select DNS or IP as the Resource type depending on how you plan to access the database. If you're using a DNS name, the address should be resolvable by all of the Gateways in your Site.
  3. Optionally, add a traffic restriction for TCP/5432 (or the port your Postgres database is running on) to restrict access to the Postgres service only (Team and Enterprise plans).
  4. Enter the address of the Postgres database you want to secure access to.
Create a Resource

Step 2: Create a Policy

  1. In the Policies tab, click the Add Policy button.
  2. Create a Policy for the Resource you created in Step (1). Be sure to select the appropriate Group and Resource for the Policy.

Step 3: Done!

You've now secured access to your Postgres database. You can test the connection by testing access to the database with a tool like psql:

psql -h <resource-address> -U <username> -d <database>

If you get a password prompt, you've successfully secured access to your Postgres database.

Need additional help?

Try asking on one of our community-powered support channels:

Or try searching the docs:
Last updated: May 09, 2024