Database Manager

Provision, connect, and manage databases with Forgeon — from Postgres to Redis, ClickHouse, and more.


Databases (mdx-service)

Forgeon’s mdx-service provisions and wires databases for your projects. You can start with simple dev defaults, then switch to production-grade secrets and storage as you scale.

Dev credentials below are for local or sandbox use only. In production, use a secrets resolver (KMS, Vault, cloud secrets) and rotate regularly.

What we support

  • Postgres (also pg, postgresql)
  • MySQL and MariaDB
  • Redis and Valkey
  • Cassandra
  • ClickHouse
  • QuestDB
  • Qdrant
  • OpenSearch
  • Trino
  • Dremio
  • FerretDB

If your engine is not listed, you can still connect over network or run it via Docker and point Forgeon to it.

Quick start (dashboard only)

  1. In your Project → Databases → New, pick an engine (Postgres, Redis, etc).
  2. Choose Environment (Production, Staging, or Dev).
  3. For Dev, you may use the built-in defaults (see below).
    For Prod, select Managed Secrets and persistent storage.
  4. Click Create. Forgeon will show:
    • Internal host and port
    • Connection URL
    • App and admin credentials (or secret refs)
  5. In Settings → Environment, add DATABASE_URL (and any engine-specific vars). Redeploy.

Dev defaults (what you saw in code)

Your snippet defines minimal “starter” secrets. Here is what that means in human-speak:

Postgres

  • Dev users:
    • admin: postgres:postgres
    • app: postgres:postgres
  • Typical URL: postgres://postgres:postgres@HOST:5432/DBNAME
  • Notes: Great general-purpose relational DB, migrations via Prisma, Flyway, or Goose.

MySQL / MariaDB

  • Dev users:
    • admin: root:root
    • app: app:app
  • Typical URL: mysql://app:app@HOST:3306/DBNAME
  • Notes: Choose MariaDB if you prefer OSS fork features.

Redis / Valkey

  • Dev users: none (defaults to no auth)
  • URL: redis://HOST:6379
  • Notes: In prod, set requirepass or ACLs; for Valkey same story.

Cassandra

  • Dev users: cassandra:cassandra
  • URL: depends on driver, often cassandra://HOST:9042/KEYSPACE
  • Notes: Wide-column store; tune consistency per workload.

ClickHouse

  • Dev users: none (default user default with no password)
  • URL: clickhouse://HOST:9000 (native) or http://HOST:8123
  • Notes: Columnar OLAP, blazing fast analytics.

QuestDB

  • Dev admin: admin:admin (if auth enabled in your image)
  • URL: postgresql://admin:admin@HOST:8812/qdb
  • Notes: Time-series database with Postgres wire protocol.

Qdrant

  • Dev auth: none by default
  • URL: http://HOST:6333
  • Notes: Vector DB; API-first via HTTP and gRPC.

OpenSearch

  • Dev auth: none by default (often basic auth in prod)
  • URL: https://HOST:9200
  • Notes: Search and analytics, Elasticsearch-compatible APIs.

Trino

  • Dev auth: none by default
  • URL: http://HOST:8080
  • Notes: Distributed SQL query engine; connects to many sources.

Dremio

  • Dev auth: none by default (configure user in prod)
  • URL: http://HOST:9047
  • Notes: Lakehouse; JDBC/ODBC support.

FerretDB

  • Dev auth: none by default
  • URL: mongodb://HOST:27017
  • Notes: MongoDB-compatible layer backed by Postgres or others.

The mdx-service code uses a function similar to defaultSecretsFor(engine) to supply these dev defaults. For production, switch to a SecretResolver backed by KMS or your cloud provider.

Connection basics

  • Always bind to 0.0.0.0 inside your app and read PORT for HTTP services; for databases, you connect to the host:port Forgeon shows in the database detail panel.
  • Prefer a single DATABASE_URL for app code. Add engine-specific extras only if your driver needs them.
  • Runtime injection: secrets are injected at build/runtime only for the target project and environment.

Example environment variables

  • Postgres:
    DATABASE_URL=postgres://app:postgres@db:5432/mydb
  • MySQL:
    DATABASE_URL=mysql://app:app@db:3306/mydb
  • Redis:
    REDIS_URL=redis://db:6379
  • ClickHouse (HTTP):
    CLICKHOUSE_URL=http://db:8123
  • Qdrant:
    QDRANT_URL=http://db:6333

Health and readiness

  • App readiness lives at your app’s /readyz.
  • Database readiness is checked by mdx-service at container start (simple ping or TCP connect).
  • You can override grace periods in Project → Settings → Health Check.

Storage and backups

  • Dev environments may use ephemeral storage; data can be reset on redeploy.
  • Production:
    • Persist volumes per database service
    • Schedule backups (daily by default; configure retention)
    • Enable high-availability where offered (engine-specific)

If you see data resetting after a restart, you are likely on an ephemeral dev volume. Migrate to a persistent tier before launch.

Security and secrets

  • Use managed secrets for production (KMS or cloud secrets).
  • Rotate passwords regularly; prefer separate app and admin users.
  • Limit network exposure; keep DBs on private networks unless explicitly required.
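
A pre-deploy check for the rules above, as an added example (not Forgeon's or mdx-service's own code): it flags connection URLs that still carry a dev default password from this page, or that point at a no-auth engine without credentials. The function name, the environment strings ("production", "dev") and the *_URL naming convention are assumptions.

```python
from urllib.parse import urlsplit, unquote

# Passwords from the dev defaults listed on this page (postgres:postgres,
# root:root, app:app, cassandra:cassandra, admin:admin).
DEV_PASSWORDS = {"postgres", "root", "app", "cassandra", "admin"}
# URL schemes of engines the page lists as "no auth" in dev. HTTP endpoints
# (Qdrant, Trino, ...) may carry credentials outside the URL, so they are
# not judged here.
NO_AUTH_SCHEMES = {"redis", "clickhouse", "mongodb"}


def audit_env(env, environment="production"):
    """Return [(variable, finding)] for *_URL values unfit outside dev.

    Findings name the variable only; the secret itself is never echoed.
    """
    if environment == "dev":
        return []  # dev defaults are acceptable in dev/sandbox environments
    findings = []
    for name in sorted(env):
        if not name.endswith("_URL"):
            continue
        parts = urlsplit(env[name])
        if not parts.hostname:
            continue  # not a connection URL (e.g. an opaque secret reference)
        password = unquote(parts.password) if parts.password else ""
        if password in DEV_PASSWORDS:
            findings.append((name, "dev default password"))
        elif not password and parts.scheme in NO_AUTH_SCHEMES:
            findings.append((name, "no authentication"))
    return findings


# Constructed sample; the first three values are this page's example variables.
SAMPLE_ENV = {
    "DATABASE_URL": "postgres://app:postgres@db:5432/mydb",
    "REDIS_URL": "redis://db:6379",
    "QDRANT_URL": "http://db:6333",
    "REPORTS_URL": "mysql://reports:constructed-Xk4%21pw@db:3306/mydb",
}

if __name__ == "__main__":
    for variable, finding in audit_env(SAMPLE_ENV):
        print(f"{variable}: {finding}")
```

Run it in the build step before release and fail the build when the returned list is non-empty.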

Migrations and schema

  • Postgres/MySQL: Prisma, Flyway, Liquibase, Goose, Alembic
  • ClickHouse: SQL files baked into your build step
  • Cassandra: cqlsh scripts or migration tools
  • FerretDB: manage via Mongo-compatible tooling

Example: Postgres migration in a build step

    $ psql -f migrations/001_init.sql

When to use dev defaults vs production secrets

  • Dev defaults: quick local bring-up, throwaway environments, preview apps.
  • Production: customer data, backups, HA, audited access, and KMS-backed secrets.

Next steps

  • Create a database, then wire the URL.