← Back to overview
pgops
PostgreSQL Access Management Platform · Internal Tool · 2026
What It Is
pgops is a full-stack internal platform for managing PostgreSQL database access across teams. Users submit access requests (readonly / readwrite), administrators approve or reject them, and the system automatically provisions PostgreSQL roles and issues time-limited credentials (TTL 30 days). All passwords are encrypted with AES-256-GCM. Authentication is handled via Okta (OIDC/SSO).
It also includes a DBA toolkit: VACUUM with SQL preview before execution, activity monitoring (pg_stat_activity, pg_locks, pg_stat_io), replication monitoring, and orphaned role detection. Every action is recorded in an immutable, append-only audit trail.
Key Features
Access Management
  • Self-service access requests with approval workflow
  • Automatic provisioning of PostgreSQL roles and credentials
  • Time-limited access with automatic expiration (TTL 30 days)
  • Orphaned role detection across all managed databases
DBA Toolkit
  • VACUUM with autovacuum recommendations and SQL preview before execution
  • Activity monitoring — pg_stat_activity, pg_locks, pg_stat_io views
  • Replication monitoring — publications, slots, replica identity
  • SQL Preview pattern — user sees the exact SQL before it runs, confirms via JWT token
Security & Compliance
  • SSO via Okta (OIDC) — no local passwords
  • AES-256-GCM encryption for all stored credentials
  • RBAC — admin / user separation
  • Immutable audit log of every action
Tech Stack
Backend
NestJS PostgreSQL Prisma ORM Passport + OIDC (Okta)
Frontend
React TypeScript Vite Mantine UI React Router
Infrastructure & Security
Docker Nginx pnpm monorepo AES-256-GCM RBAC JWT (SQL Preview confirm)