kristofer84/mcp-postgres
If you are the rightful owner of mcp-postgres and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.
The MCP PostgreSQL Server is a Model Context Protocol server that facilitates access and operations on PostgreSQL databases.
MCP PostgreSQL Server
A Model Context Protocol (MCP) server that provides PostgreSQL database access and operations.
Installation
You can use this MCP server with any MCP-compatible client by installing it via npm:
npm install -g mcp-postgres
Or run it directly with npx:
npx mcp-postgres@latest
Configuration
MCP Client Configuration
Add this to your MCP client configuration (e.g., .kiro/settings/mcp.json):
{
"mcpServers": {
"postgres": {
"command": "npx",
"args": ["mcp-postgres@latest"],
"env": {
"DB_HOST": "localhost",
"DB_PORT": "5432",
"DB_USER": "postgres",
"DB_PASSWORD": "your_password",
"DB_NAME": "your_database",
"DB_SSL_MODE": "require"
},
"disabled": false,
"autoApprove": ["list_tables", "get_schema"]
}
}
}
Alternative using DATABASE_URL:
{
"mcpServers": {
"postgres": {
"command": "npx",
"args": ["mcp-postgres@latest"],
"env": {
"DATABASE_URL": "postgresql://username:password@localhost:5432/database_name?sslmode=require"
},
"disabled": false,
"autoApprove": ["list_tables", "get_schema"]
}
}
}
Environment Variables
The server supports multiple configuration methods:
Option 1: Individual Environment Variables (Recommended)
DB_HOST=localhost
DB_PORT=5432
DB_USER=postgres
DB_PASSWORD=your_password
DB_NAME=your_database
DB_SSL_MODE=require # Optional: require, disable, or omit for default
Alternative PostgreSQL-style variable names are also supported:
POSTGRES_HOST=localhost
POSTGRES_PORT=5432
POSTGRES_USER=postgres
POSTGRES_PASSWORD=your_password
POSTGRES_DB=your_database
POSTGRES_SSL_MODE=require # Optional: require, disable, or omit for default
Option 2: DATABASE_URL (Fallback)
DATABASE_URL=postgresql://username:password@localhost:5432/database_name?sslmode=require
Option 3: Config File
Create a config.json file in your working directory:
{
"db": {
"host": "localhost",
"port": 5432,
"user": "postgres",
"password": "your_password",
"database": "your_database",
"sslmode": "require"
}
}
SSL Configuration
The server supports SSL connections with the following modes:
require- Forces SSL connection (useful for cloud databases)disable- Explicitly disables SSL (default for local development)- Omit the SSL mode for default behavior (no SSL)
SSL can be configured via:
- Environment variables:
DB_SSL_MODEorPOSTGRES_SSL_MODE - DATABASE_URL parameter:
?sslmode=require - Config file:
"sslmode": "require"
AWS RDS Auto-Configuration
The server automatically detects AWS RDS endpoints (hosts containing .rds.amazonaws.com) and:
- Automatically downloads the AWS RDS Global Certificate Bundle from
https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem - Caches the certificate locally in
.aws-certs/directory for 30 days - Configures SSL with proper certificate validation using the downloaded bundle
- Re-downloads the certificate automatically if it's older than 30 days
- Graceful fallback to basic SSL if certificate download fails
This means you can connect to AWS RDS instances without manually downloading or configuring SSL certificates. Simply provide your RDS endpoint and the server handles the rest:
DB_HOST=mydb.cluster-xyz.us-east-1.rds.amazonaws.com
DB_USER=postgres
DB_PASSWORD=your_password
DB_NAME=your_database
# No need to set DB_SSL_MODE - automatically configured for RDS
Features:
- Persistent disk caching: Certificate is saved to
.aws-certs/rds-global-bundle.pemand persists between sessions - 30-day cache duration: Certificate is automatically refreshed after 30 days
- Cache validation: Verifies cached certificates aren't corrupted before use
- Connection retry: Automatic retry logic with 3 attempts and 2-second delays
- Error handling: Falls back to basic SSL if certificate download fails
- Performance: Certificate is cached in memory after first read to avoid repeated file operations
- Cache monitoring: Use the
check_certificate_cachetool to view cache status
The auto-configuration ensures secure, verified connections to AWS RDS while maintaining convenience and reliability.
Available Tools
list_tables
Lists all tables in the database with their types.
get_schema
Gets database schema information including tables and columns.
- Optional parameter:
table_name- Get schema for a specific table
execute_query
Executes a SQL query (SELECT statements only for safety).
- Required parameter:
query- The SQL SELECT query to execute
describe_table
Get detailed information about a specific table including indexes and constraints.
- Required parameter:
table_name- Name of the table to describe
get_table_sample
Gets a sample of rows from a table.
- Required parameter:
table_name- Name of the table to sample - Optional parameter:
limit- Number of rows to return (default: 10, max: 100)
check_certificate_cache
Checks the status of the AWS RDS certificate cache.
- Shows cache location, age, expiration status, and file details
- Useful for troubleshooting SSL connection issues with RDS
Security
For security reasons, only SELECT queries are allowed through the execute_query tool. This prevents accidental data modification through the MCP interface.
Testing
Testing with MCP Inspector
You can test the server locally using the MCP Inspector tool:
# Install the MCP inspector
npm install -g @modelcontextprotocol/inspector
# Set your database credentials
$env:DB_HOST="localhost"
$env:DB_USER="postgres"
$env:DB_PASSWORD="your_password"
$env:DB_NAME="your_database"
# Run the inspector
mcp-inspector node server.mjs
The inspector opens a web UI where you can interactively test each tool and see the responses.
Testing in Kiro IDE
Once configured in your .kiro/settings/mcp.json, you can test the tools directly:
- "List all tables in the database"
- "Show me the schema for the users table"
- "Execute this query: SELECT * FROM products WHERE price > 100"
License
MIT