Guides
Database Connections

Database Connections

SchemaHero needs to connect to your database to plan and apply migrations.

Connection URI

postgres://user:password@host:5432/database?sslmode=require

SSL options:

  • sslmode=disable — No SSL (local dev only)
  • sslmode=require — Require SSL, don't verify certificate
  • sslmode=verify-full — Require SSL, verify certificate

Example:

schemahero plan \
  --driver postgres \
  --uri "postgres://myuser:mypass@localhost:5432/mydb?sslmode=disable" \
  --spec-file ./schema/

Environment Variables

Keep credentials out of your command history:

export DATABASE_URL="postgres://user:password@localhost:5432/mydb"
 
schemahero plan \
  --driver postgres \
  --uri "$DATABASE_URL" \
  --spec-file ./schema/

Cloud Databases

IAM Authentication

TOKEN=$(aws rds generate-db-auth-token \
  --hostname mydb.xxxx.us-east-1.rds.amazonaws.com \
  --port 5432 \
  --username myuser)
 
schemahero plan \
  --driver postgres \
  --uri "postgres://myuser:${TOKEN}@mydb.xxxx.rds.amazonaws.com:5432/mydb?sslmode=require" \
  --spec-file ./schema/

Secrets Manager

SECRET=$(aws secretsmanager get-secret-value \
  --secret-id mydb-credentials \
  --query SecretString --output text)
DB_USER=$(echo $SECRET | jq -r .username)
DB_PASS=$(echo $SECRET | jq -r .password)
 
schemahero plan \
  --driver postgres \
  --uri "postgres://${DB_USER}:${DB_PASS}@mydb.xxxx.rds.amazonaws.com:5432/mydb" \
  --spec-file ./schema/

Kubernetes Operator

When using the operator, store credentials in a Secret:

apiVersion: v1
kind: Secret
metadata:
  name: mydb-credentials
type: Opaque
stringData:
  uri: postgres://user:password@host:5432/database?sslmode=require

Reference it in your Database resource:

apiVersion: databases.schemahero.io/v1alpha4
kind: Database
metadata:
  name: mydb
spec:
  connection:
    postgres:
      uri:
        valueFrom:
          secretKeyRef:
            name: mydb-credentials
            key: uri

Troubleshooting

ProblemSolution
Connection refusedCheck host/port, firewall rules, database is running
Authentication failedVerify username/password, check user permissions
SSL errorsTry sslmode=require instead of verify-full
TimeoutCheck network connectivity, VPC/subnet config

Test connectivity directly:

# PostgreSQL
psql "postgres://user:password@host:5432/mydb?sslmode=require"
 
# MySQL
mysql -h host -u user -p database
Organizing Schemas