Connect Claude to PostgreSQL — the safe way

Claude can't see your database until you connect it. Here's how to give it read-only, logged, revocable access to PostgreSQL over MCP — without handing it your production password.

Claude is great at writing SQL, but it can't answer questions about your data until it can reach your database. The usual way to wire it up — a raw PostgreSQL MCP server running on your laptop — has two problems: your database password sits in a plain config file, and most servers will run whatever SQL the model produces, including an UPDATE or DROP it hallucinated.

The AI2SQL Gateway fixes both. Claude connects to a hosted MCP endpoint that enforces read-only access, caps result size, times out long queries, and logs every call — and it authenticates with a revocable key instead of your credentials.

What you'll need

Set it up in 3 steps

  1. Connect your database. In the AI2SQL Gateway, add your PostgreSQL connection. Credentials are encrypted and stay server-side.
  2. Generate a gateway key. The setup wizard creates a key scoped to your account plus the connection id for that database.
  3. Add the MCP server to Claude. Paste one line (or one JSON block for Claude Desktop) with your key and connection id:
Claude Code — terminal
$ claude mcp add --transport http ai2sql \
    https://builder.ai2sql.io/api/mcp \
    --header "x-ai2sql-key: $AI2SQL_KEY" \
    --header "x-ai2sql-connection: $CONNECTION_ID"
✓ ai2sql connected — 3 tools available
  run_query · describe_schema · list_connections

Get $AI2SQL_KEY and $CONNECTION_ID from the AI2SQL Gateway — connect a database and the setup wizard generates both for you.

That's it. Ask Claude something like "how many orders shipped last week, by status?" — it calls describe_schema to learn your tables, writes the SQL, runs it through run_query, and returns the answer. Every call is recorded on your gateway activity page.

What Claude can and can't do

Once connected, Claude can:

It cannot:

Why not just use a raw Postgres MCP server?

You can — the open-source Postgres MCP servers are fine for a local scratch database. But for a database that matters, "the model writes SQL and we run it" is one hallucinated statement away from a bad day, your password lives in a config file on every laptop, and there's no record of what the agent touched. The gateway trades that for read-only enforcement, encrypted credentials, revocable keys and a full audit trail. See is it safe to connect AI to your production database?

Frequently asked

Can Claude modify or delete data in my PostgreSQL database? +

No. The gateway classifies every statement before it runs and blocks INSERT, UPDATE, DELETE, DDL and dangerous functions. Queries also execute inside a read-only transaction, so even a statement that slips past the classifier cannot change data.

Do I paste my Postgres password into Claude's config? +

No. You add the connection once in the AI2SQL dashboard, where credentials are encrypted at rest. Claude authenticates with a scoped gateway key — never your database password — and you can revoke that key at any time.

Which Claude products work with this? +

Claude Code, Claude Desktop and claude.ai all speak MCP over HTTP, so the same gateway endpoint works across them. Cursor and ChatGPT (developer-mode MCP) work too.

Is there a free tier? +

Yes. The free plan includes one database connection and one agent key with the full guardrails, capped by a monthly call quota. Paid plans add more connections, longer audit history and higher limits.

Give your agent a database it can't break

Connect a database, grab a key, paste one config. Read-only, logged and revocable from the first query.

Start free →

Related guides