Connect Postgres

Connect selected Postgres tables/views to Synapsor in read-only live mode with least-privilege credentials and tenant-scoped generated capabilities.

Overview

Start with live-read for Postgres. The public connector path reads selected tables/views on demand through a least-privilege read-only role, stores the connection as a secret reference, stores only safe metadata/fingerprints in normal control-plane records, and records redacted query audit entries.

The CLI commands below assume you already created a Synapsor project, database, and database-scoped API key.

Prefer safe views before raw tables. Add proposal writeback only after the read-only path works and evidence/query audit are reviewed. Treat CDC/mirrored subsets as private preview only, not customer-production supported.

SESSION values come from your backend. ARG values may come from user/model input. Do not let the model invent tenant_id, principal, customer_id, branch_id, proposal_id, run_id, or other trusted scope.

Create a read-only role

Create a dedicated Postgres login role with only CONNECT on the database, USAGE on the exposed schema, and SELECT on the specific tables or views Synapsor should read. Do not grant it SUPERUSER, CREATEDB, CREATEROLE, or any write privilege. On PostgreSQL releases before 15 the public schema grants CREATE to every role through PUBLIC; revoke that (REVOKE CREATE ON SCHEMA public FROM PUBLIC) if the reader connects to that schema.

Use a strong, generated password, store it only in your secret manager, and rotate it like any other database credential.

Postgres role
-- Dedicated login role. SUPERUSER, CREATEDB, CREATEROLE, REPLICATION and
-- BYPASSRLS all default to off and must stay that way.
CREATE ROLE synapsor_reader LOGIN PASSWORD 'REPLACE_WITH_STRONG_PASSWORD';

GRANT CONNECT ON DATABASE appdb TO synapsor_reader;
GRANT USAGE ON SCHEMA public TO synapsor_reader;

-- SELECT on the allowlisted relations only. Tables created later are not
-- readable unless granted explicitly, which is what you want here.
GRANT SELECT ON TABLE public.tickets TO synapsor_reader;
GRANT SELECT ON TABLE public.customers TO synapsor_reader;
GRANT SELECT ON TABLE public.policy_chunks TO synapsor_reader;
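To confirm the role ended up with exactly the privileges you intended, run the following audit as a superuser or the database owner. This is an added example, not part of the Synapsor docs or tooling; it assumes the synapsor_reader role name used above and relies only on standard PostgreSQL catalog views and privilege functions.

```sql
-- Added example (not Synapsor tooling): audit what synapsor_reader can do.
-- Run as a privileged role after the grants above.

-- 1. Role attributes: every flag except rolcanlogin should be false.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb,
       rolreplication, rolbypassrls, rolcanlogin
FROM pg_roles
WHERE rolname = 'synapsor_reader';

-- 2. Every table/view privilege the role holds, including anything
--    inherited through PUBLIC or role membership. Expect SELECT rows for
--    the allowlisted relations only and no INSERT/UPDATE/DELETE at all.
SELECT n.nspname AS schema_name, c.relname, c.relkind, p.privilege_type
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN (VALUES ('SELECT'), ('INSERT'), ('UPDATE'), ('DELETE'),
                   ('TRUNCATE'), ('REFERENCES'), ('TRIGGER')) AS p(privilege_type)
WHERE c.relkind IN ('r', 'p', 'v', 'm', 'f')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND has_table_privilege('synapsor_reader', c.oid, p.privilege_type)
ORDER BY schema_name, c.relname, p.privilege_type;

-- 3. Schemas where the role could create objects. Should return no rows;
--    on PostgreSQL before 15 the public schema appears here until you run
--    REVOKE CREATE ON SCHEMA public FROM PUBLIC.
SELECT n.nspname
FROM pg_namespace n
WHERE n.nspname NOT LIKE 'pg\_%' AND n.nspname <> 'information_schema'
  AND has_schema_privilege('synapsor_reader', n.oid, 'CREATE');

-- 4. Functions the role may execute outside the catalog schemas. Postgres
--    grants EXECUTE to PUBLIC by default, so this lists every user-defined
--    function; review any SECURITY DEFINER function that shows up.
SELECT n.nspname, p.proname, p.prosecdef AS security_definer
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND has_function_privilege('synapsor_reader', p.oid, 'EXECUTE')
ORDER BY 1, 2;
```

Query 2 is the one to keep in a runbook: because has_table_privilege resolves PUBLIC grants and role membership, it catches privileges the role never received directly, which a plain look at the GRANT statements would miss. Rerun it whenever the schema changes.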

Prefer safe views

Views let you hide columns before Synapsor ever sees them. This is useful for private notes, tokens, raw PII, payment details, and app-only fields.

The connector still requires tenant filters and column allowlists even when you use views. Grant the reader SELECT on the view only; if it also holds SELECT on the underlying table, the hidden columns remain reachable and the view hides nothing in practice.

Safe view pattern
CREATE SCHEMA synapsor_safe;

-- The view lists only the columns the connector may see. Postgres checks
-- access to the underlying table against the view owner, so the reader can
-- select through the view without holding SELECT on public.tickets; do not
-- grant the base table as well.
-- If the WHERE clause is a security boundary rather than housekeeping, add
-- WITH (security_barrier = true) so leaky functions cannot observe the
-- rows it filters out.
CREATE VIEW synapsor_safe.ticket_context AS
SELECT
  id,
  tenant_id,
  customer_id,
  subject,
  status,
  created_at,
  updated_at
FROM public.tickets
WHERE deleted_at IS NULL;

GRANT USAGE ON SCHEMA synapsor_safe TO synapsor_reader;
GRANT SELECT ON synapsor_safe.ticket_context TO synapsor_reader;
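Before pointing the connector at a view, check what it actually hides and whether the reader can bypass it. The queries below are an added example, not Synapsor code; they assume the synapsor_safe.ticket_context view over public.tickets defined above, and the column-name pattern is an assumption drawn from the review list in the developer notes (extend it for your own schema).

```sql
-- Added example (not Synapsor tooling): compare the safe view with its base
-- table, show which columns the view hides, and flag exposed columns whose
-- names look sensitive. Columns the view renames or computes are not
-- matched by name and will show as hidden; review those by hand.
WITH base AS (
  SELECT column_name, data_type
  FROM information_schema.columns
  WHERE table_schema = 'public' AND table_name = 'tickets'
),
exposed AS (
  SELECT column_name
  FROM information_schema.columns
  WHERE table_schema = 'synapsor_safe' AND table_name = 'ticket_context'
)
SELECT b.column_name,
       b.data_type,
       (e.column_name IS NOT NULL) AS exposed,
       CASE
         WHEN e.column_name IS NOT NULL
          AND b.column_name ~* '(password|token|secret|email|phone|card|payment|note)'
           THEN 'REVIEW'
         WHEN e.column_name IS NULL THEN 'hidden'
         ELSE 'ok'
       END AS verdict
FROM base b
LEFT JOIN exposed e USING (column_name)
ORDER BY exposed DESC, b.column_name;

-- Confirm the reader reaches tickets only through the view. Expect
-- raw_table = false and safe_view = true. If raw_table is true (as it will
-- be if you kept the GRANT on public.tickets from the role section), the
-- role can read every column directly and the view is not a boundary.
SELECT has_table_privilege('synapsor_reader', 'public.tickets', 'SELECT') AS raw_table,
       has_table_privilege('synapsor_reader', 'synapsor_safe.ticket_context', 'SELECT') AS safe_view;
```

Run both checks again after any migration that adds columns to the base table: a new sensitive column is hidden by this view only because the view enumerates its columns explicitly, which is why the pattern above never uses SELECT *.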

Developer notes

  • Use sslmode=require at minimum for remote Postgres sources, and prefer verify-ca or verify-full so the client also authenticates the server; require alone encrypts the connection but does not check who is on the other end.
  • Pass the connection string as env:APP_POSTGRES_URL rather than inline, so the URL and its password stay in your environment instead of your shell history, and the CLI stores only a secret reference.
  • Inspect the source before import and explicitly exclude the fields flagged for review (for example password_hash, api_token, email, phone, and payment fields) unless the workflow truly needs them.
  • Import requires a tenant column unless the table/source is explicitly single-tenant.
  • Add proposal writeback only after the read-only live-read path is working and reviewed.
  • Treat CDC/mirrored subsets as private preview only. Do not enable CDC for customer production data until signoff is approved.
  • Disable a source immediately if credentials are rotated unexpectedly or the source should no longer be readable.