FYI: PgBoundary - A wrapper around boundary and pgbouncer CLI

daniel-sigterm · February 12, 2025, 1:04pm

Hi there,
I hacked a small wrapper around Boundary and PgBouncer to allow people the integration of Boundary into their workflows (IDEs, database tools etc.).

This is a very specific implementation but maybe it is helpful to others as well

The covered use case:

You have internal PostgreSQL databases
You connect to them via HashiCorp Boundary
You are using OIDC for AuthZ and AuthN
You are using HashiCorp Vault integration in Boundary to provide dynamic credentials
You want to use this setup from an IDE or other database tooling

The project: GitHub - sigterm-de/pgboundary: A wrapper around boundary and pgbouncer CLI for integration into IDE/database tooling

Cheers, Daniel

jbrandhorst · February 12, 2025, 4:42pm

Hi Daniel,

Thank you for sharing this, it’s a really cool developer experience improvement over the manual copying of brokered credentials every time!

jbrandhorst · February 13, 2025, 9:53pm

I just another thought on this topic, since you are connecting to Postgres, at least when using psql you should be able to get a similar experience to the above using just boundary connect postgres. It will automatically inject brokered username/password credentials into the psql command. For things like DBeaver and other tooling, your solution is still compelling until we have something more native built into Boundary .

Topic		Replies	Views
Connecting to postgresql database using an external tool like (IDE, SQL client) using brokered credentials Boundary	1	235	January 2, 2024
Is there a complete install tutorial (non-dev, non HA)? Boundary	5	833	August 30, 2021
Boundary Credential Store question Boundary	3	490	August 30, 2021
Boundary Connect Helper for SSH and others Boundary	0	458	July 10, 2021
Initial credentials after controller install Boundary	7	1096	October 17, 2020

FYI: PgBoundary - A wrapper around boundary and pgbouncer CLI

Related topics