Private Proxied Connections

One of the issues I see with services like Neon is the fact that the DB is publicly addressable and this can pose a security risk.

I originally came here to ask for a fly.io integration but then I started thinking about how GCP Cloud SQL has the cloud_sql_proxy binary you can download and use to create a secure tunnel to the DB. If Neon offered a similar tool then it would likely stand in as a fallback for a lot of custom integrations.

I am envisaging a setup where I can mark a DB as private, then to connect to it I need to download a neon-proxy binary and run it with some credentials. I would then get a local port / socket that I could connect to my DB on. Presumably the neon-proxy tool could under the hood either use something like WireGuard to tunnel into the network or possibly use the recently announced WebSocket connection proxying?

Anyway, just a thought on one direction that could be helpful for people trying to integrate Neon into different environments.

I too am very curious if there’s something on the roadmap to connect without making the database publicly addressable.