How do I install Postgres?

Postgres is a local plugin. Install it using npm package: @edelciomolina/postgres-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Postgres need?

Postgres requires the following credentials or environment variables: MCP_KEY_HOST, MCP_KEY_PORT, MCP_KEY_NAME, MCP_KEY_USER, MCP_KEY_PASS, MCP_KEY_SSLMODE. You can find setup instructions on the server detail page.

What AI apps work with Postgres?

Postgres uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Postgres MCP Server

by Edelciomolina

Data & AnalyticsUse Caution4.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

PostgreSQL MCP wrapper with .env credential mapping, tool selection, and safe read-only defaults.

About

PostgreSQL MCP wrapper with .env credential mapping, tool selection, and safe read-only defaults.

Security Report

4.2

Use Caution4.2High Risk

This PostgreSQL MCP server has solid security fundamentals with read-only defaults, proper credential handling via .env files, and reasonable permission scoping for its category. However, there are several code quality and potential security concerns: missing input validation on user-supplied SQL queries, inadequate error handling with potential information disclosure, and the write-capable tools (pg_execute_mutation, pg_execute_sql) lack sufficient safeguards despite being opt-in. The server appropriately reads credentials from environment variables at runtime rather than storing them, and the explicit tool selection mechanism is well-designed for security. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.

3 files analyzed · 16 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

HTTP Network Access

Connects to external APIs or services over the internet.

database

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

Name of the .env variable that holds the database hostOptional

Environment variable: MCP_KEY_HOST

Name of the .env variable that holds the database portOptional

Environment variable: MCP_KEY_PORT

Name of the .env variable that holds the database nameOptional

Environment variable: MCP_KEY_NAME

Name of the .env variable that holds the database userOptional

Environment variable: MCP_KEY_USER

Name of the .env variable that holds the database passwordOptional

Environment variable: MCP_KEY_PASS

Name of the .env variable that holds the SSL mode (e.g. require)Optional

Environment variable: MCP_KEY_SSLMODE

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-edelciomolina-postgres-mcp": {
      "env": {
        "MCP_KEY_HOST": "your-mcp-key-host-here",
        "MCP_KEY_NAME": "your-mcp-key-name-here",
        "MCP_KEY_PASS": "your-mcp-key-pass-here",
        "MCP_KEY_PORT": "your-mcp-key-port-here",
        "MCP_KEY_USER": "your-mcp-key-user-here",
        "MCP_KEY_SSLMODE": "your-mcp-key-sslmode-here"
      },
      "args": [
        "-y",
        "@edelciomolina/postgres-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

🌐 English | Português

✨ What it does

This is a native MCP server built directly with @modelcontextprotocol/sdk and pg (node-postgres). It provides:

🔐 Runtime credential resolution - reads database credentials from your .env file at startup, so no secrets are stored in mcp.json
🗝️ Flexible key mapping - use any .env variable names; tell the server which ones to use via env in mcp.json
🎯 Explicit tool selection - pass tool=<name> args to choose exactly which MCP tools to expose
🛡️ Read-only by default - if no tools are specified, only safe introspection tools are enabled (no writes, no arbitrary SQL execution)

📋 Requirements

⚙️ Node.js >= 18
📄 A .env file with the database credentials (anywhere in the project tree - see .env discovery)

� Installation

There are two ways to use this package. Choose the one that best fits your workflow.

Option 1 - No install (via `npx`, recommended for quick start)

No installation required. npx downloads and runs the package on demand. Add -y as the first arg to skip the confirmation prompt.

{
  "servers": {
    "Postgres Tools": {
      "type": "stdio",
      "command": "npx",
      "args": [
        "-y",
        "@edelciomolina/postgres-mcp",
        "tool=pg_manage_query",
        "tool=pg_manage_schema",
        "tool=pg_manage_indexes",
        "tool=pg_monitor_database"
      ],
      "env": {
        "MCP_KEY_HOST":    "DB_HOST",
        "MCP_KEY_PORT":    "DB_PORT",
        "MCP_KEY_NAME":    "DB_NAME",
        "MCP_KEY_SSLMODE": "DB_SSLMODE",
        "MCP_KEY_USER":    "DB_USER",
        "MCP_KEY_PASS":    "DB_PASS"
      }
    }
  }
}

Option 2 - Install via VS Code (MCP extension marketplace)

VS Code supports discovering and installing MCP servers directly from the editor, without touching the terminal.

Open the Command Palette (Cmd+Shift+P on Mac / Ctrl+Shift+P on Windows/Linux)
Run MCP: Add Server
Choose "Browser MCP Servers" (or "From registry", depending on your VS Code version)
Search for postgres-mcp or edelciomolina
Select Postgres MCP and follow the prompts - VS Code will add the entry to your mcp.json automatically

💡 You can also open the MCP Servers panel via the Copilot chat icon → Manage MCP Servers to browse, enable, or disable servers at any time.

After installing, edit the generated entry in .vscode/mcp.json to add your tool= args and env key mappings as shown in the Usage section below.

🚀 Usage in VS Code (`mcp.json`)

{
  "servers": {
    "Postgres Tools": {
      "type": "stdio",
      "command": "npx",
      "args": [
        "@edelciomolina/postgres-mcp",
        "tool=pg_manage_query",
        "tool=pg_manage_schema",
        "tool=pg_manage_indexes",
        "tool=pg_monitor_database"
      ],
      "env": {
        "MCP_KEY_HOST":    "DB_HOST",
        "MCP_KEY_PORT":    "DB_PORT",
        "MCP_KEY_NAME":    "DB_NAME",
        "MCP_KEY_SSLMODE": "DB_SSLMODE",
        "MCP_KEY_USER":    "DB_USER",
        "MCP_KEY_PASS":    "DB_PASS"
      }
    }
  }
}

The corresponding .env in your project root:

DB_HOST=db.your-project.supabase.co
DB_PORT=5432
DB_NAME=postgres
DB_SSLMODE=require
DB_USER=readonly_user
DB_PASS=your_password

⚙️ How `mcp.json` configuration works

🗝️ `env` - credential key mapping

The env block does not contain the actual credentials. It maps each MCP_KEY_* to the name of the variable in your .env file.

Key in `env`	Points to `.env` variable	Example value
`MCP_KEY_HOST`	`DB_HOST`	`db.example.supabase.co`
`MCP_KEY_PORT`	`DB_PORT`	`5432`
`MCP_KEY_NAME`	`DB_NAME`	`postgres`
`MCP_KEY_SSLMODE`	`DB_SSLMODE`	`require`
`MCP_KEY_USER`	`DB_USER`	`readonly_user`
`MCP_KEY_PASS`	`DB_PASS`	`secret`

This indirection means you can use any variable names in your .env - useful when sharing an .env across multiple services with different naming conventions.

🔧 `args` - tool selection via `tool=` prefix

Each enabled MCP tool is declared as a separate arg using the tool=<name> format:

"args": [
  "-y",
  "@edelciomolina/postgres-mcp",
  "tool=pg_manage_schema",
  "tool=pg_manage_indexes"
]

This makes the tool list explicit and auditable directly in mcp.json - no hidden config files. 🔍

🛡️ Why read-only is the default

If you omit all tool= args, the server starts with a curated read-only set - every tool that can retrieve, analyze, or explain data, but nothing that can modify it.

⚠️ Excluded from defaults (write-capable, opt-in via tool= arg):

Tool	Risk
`pg_execute_mutation`	INSERT / UPDATE / DELETE / UPSERT operations
`pg_execute_sql`	Executes arbitrary SQL with optional transaction support

✅ Included in defaults:

pg_execute_query       pg_manage_query        pg_manage_schema
pg_manage_indexes      pg_manage_constraints  pg_manage_functions
pg_manage_triggers     pg_manage_rls          pg_get_setup_instructions
pg_manage_users        pg_analyze_database    pg_monitor_database
pg_debug_database

💡 pg_execute_query is included in the defaults but is handler-enforced read-only: the tool handler rejects any INSERT, UPDATE, DELETE, or DDL statement and returns a permission error before the database is contacted.

⚠️ Management tools like pg_manage_schema bundle both read and write sub-operations (e.g. get_info and create_table). For strict write prevention, pair with a database user that only has SELECT privileges.

💡 Tip: While this MCP is secure and customizable via tools, for maximum safety, pair the default tool set with a database user that only has SELECT privileges.

📍 `.env` file discovery

The server resolves the .env file in this order:

env-file=<path> arg - explicit path relative to cwd; takes priority over everything else
Walk-up - starting from cwd, searches each parent directory until a .env is found or the filesystem root is reached

If no .env is found, the server exits with a clear error message.

Monorepos and subfolders

When VS Code starts the MCP process, cwd is typically the workspace root. If your .env lives in a subfolder (e.g. functions/.env), use env-file= to point to it explicitly:

{
  "servers": {
    "Postgres Tools": {
      "type": "stdio",
      "command": "npx",
      "args": [
        "-y",
        "@edelciomolina/postgres-mcp",
        "env-file=functions/.env",
        "tool=pg_manage_schema",
        "tool=pg_monitor_database"
      ],
      "env": {
        "MCP_KEY_HOST":    "DB_HOST",
        "MCP_KEY_PORT":    "DB_PORT",
        "MCP_KEY_NAME":    "DB_NAME",
        "MCP_KEY_SSLMODE": "DB_SSLMODE",
        "MCP_KEY_USER":    "DB_USER",
        "MCP_KEY_PASS":    "DB_PASS"
      }
    }
  }
}

💡 The walk-up behavior handles the common case automatically. Use env-file= when you need explicit control (CI, monorepos, Docker bind-mounts).

🧰 Available tools

Read-only (enabled by default)

Tool	Description
`pg_execute_query`	SELECT / COUNT / EXISTS with multi-statement and write-op guards
`pg_manage_query`	EXPLAIN plans, slow query analysis, `pg_stat_statements`
`pg_manage_schema`	Schema info, create/alter tables, manage ENUMs
`pg_manage_indexes`	Get, create, drop, reindex, analyze index usage
`pg_manage_constraints`	Get, create, and drop constraints and foreign keys
`pg_manage_functions`	Get, create, and drop functions/procedures
`pg_manage_triggers`	Get, create, drop, enable/disable triggers
`pg_manage_rls`	Row-Level Security policies
`pg_get_setup_instructions`	Platform-specific PostgreSQL setup instructions
`pg_manage_users`	User permissions, create/drop/alter users, grant/revoke
`pg_analyze_database`	Performance, configuration, and storage analysis
`pg_monitor_database`	Real-time connection, query, lock, and replication monitoring
`pg_debug_database`	Diagnose connections, locks, performance, and replication

Write-capable (opt-in via `tool=` arg)

Tool	Description
`pg_execute_mutation`	INSERT / UPDATE / DELETE / UPSERT with parameterized queries
`pg_execute_sql`	Arbitrary SQL execution with optional transaction support

🏗️ Architecture

For a deep dive into the communication flow between the MCP client, proxy, and PostgreSQL - including the full sequence diagram - see ARCHITECT.md.

📄 License

Reviews

No reviews yet

Be the first to review this server!

More Data & Analytics MCP Servers

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

Postgres MCP Server

About

Security Report

Findings (16)Action required

Permissions Required

What You'll Need

How to Install

Documentation

✨ What it does

📋 Requirements

� Installation

Option 1 - No install (via `npx`, recommended for quick start)

Option 2 - Install via VS Code (MCP extension marketplace)

🚀 Usage in VS Code (`mcp.json`)

⚙️ How `mcp.json` configuration works

🗝️ `env` - credential key mapping

🔧 `args` - tool selection via `tool=` prefix

🛡️ Why read-only is the default

📍 `.env` file discovery

Monorepos and subfolders

🧰 Available tools

Read-only (enabled by default)

Write-capable (opt-in via `tool=` arg)

🏗️ Architecture

📄 License

Reviews

No reviews yet

More Data & Analytics MCP Servers

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript

Google Workspace MCP

Postgres MCP Server

About

Security Report

Findings (16)Action required

Permissions Required

What You'll Need

How to Install

Documentation

✨ What it does

📋 Requirements

� Installation

Option 1 - No install (via npx, recommended for quick start)

Option 2 - Install via VS Code (MCP extension marketplace)

🚀 Usage in VS Code (mcp.json)

⚙️ How mcp.json configuration works

🗝️ env - credential key mapping

🔧 args - tool selection via tool= prefix

🛡️ Why read-only is the default

📍 .env file discovery

Monorepos and subfolders

🧰 Available tools

Read-only (enabled by default)

Write-capable (opt-in via tool= arg)

🏗️ Architecture

📄 License

Reviews

No reviews yet

More Data & Analytics MCP Servers

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript

Google Workspace MCP

Option 1 - No install (via `npx`, recommended for quick start)

🚀 Usage in VS Code (`mcp.json`)

⚙️ How `mcp.json` configuration works

🗝️ `env` - credential key mapping

🔧 `args` - tool selection via `tool=` prefix

📍 `.env` file discovery

Write-capable (opt-in via `tool=` arg)