For database stuff most databases like PostgreSQL have robust permissions mechanisms built in.

No need to mess around with regular expressions against SQL queries when you can instead give the agent a PostgreSQL user account that's only allowed read access to specific tables.

▲

nico 9 hours ago | parent [-]

You are right, and that's great for queries

How do you provide db access? For example, to access an RDS db, you have to connect from within the AWS/EC2 environment, which means either providing the agent ssh access to a server, from which it can run psql, or creating a tunnel

Additionally, with multiple apps/dbs, that means having to do the setup multiple times. It would be nice to be able to only configure the agent instead of all the apps/dbs/servers

	▲	tracker1 9 hours ago \| parent \| next [-]
		You can't provide an existing ssh tunnel with a port for said database yourself, locally?
	▲	browningstreet 9 hours ago \| parent \| prev [-]
		"aws iam service accounts"