Restrict access to the database via IP address or Tailscale tailnet?

croaky · April 9, 2023, 12:29am

Hi, if my Neon Postgres connection string somehow leaks, are there any additional protections provided by the platform to help limit the damage? I’ve seen “restrict by IP address” (e.g. Render.com Postgres) and "add to Tailscale tailnet (e.g. Crunchy Bridge) on other platforms. Thanks!

Mahmoud · April 12, 2023, 3:44pm

If a connection somehow leaks, you can reset the password for the connection string.

We currently don’t support restricting access to specific IP addresses. It’s on our roadmap, but not for the immediate future in Q2. Is this a blocker for you?

croaky · April 13, 2023, 12:00am

Okay, thanks. Yes, it’s a blocker for my use case. I’m looking to move a Heroku (Common Runtime) Postgres somewhere else for increased security.

Mahmoud · April 13, 2023, 10:28am

I’ll share your feedback with our Product team. Thank you for reaching out

Sukhchain_Singh · May 4, 2023, 2:36pm

I agree that this is a basic security feature that should be implemented as soon as possible. Please prioritize the implementation of this feature to ensure the security of your customers’ data.

osdiab · May 14, 2023, 7:01am

Also makes it hard for me to justify using Neon for production on my B2B SaaS, along with the general lack of information on GDPR compliance etc. Pretty much limits us to convenience for dev environments.

net · May 25, 2023, 4:08am

I would also like support for Tailscale, and the ability to restrict specific IP access per role.

Nick_E · June 29, 2023, 9:58pm

Also a requirement for our use case, unfortunately. I’m glad to hear that Neon is planning on implementing this feature at least. Is there an ETA for this?

johnbeasley123 · July 13, 2023, 7:13am

+1 for Tailscale, you guys are great!

ogmusn · July 14, 2023, 8:05pm

This is a blocker for us as well, it’s a shame that this feature isn’t ready yet.

chachra · December 7, 2023, 11:07pm

any ETA on this? would be great to have!

Mahmoud · December 8, 2023, 10:13am

Hey @chachra @ogmusn @johnbeasley123 @Nick_E @net @Sukhchain_Singh @croaky

Restricting access to databases via IP address will be available by the end of the year

Btw, we also just launched the Neon Discord server. We’d love for you to join and share feedback about this feature when it lands

chachra · December 9, 2023, 12:36am

Thats awesome! Joined discord, thanks!

yuki · December 18, 2023, 2:54pm

This is very great news. We are in the process of migrating our DB from render.com to NEON after learning about this.

We have also joined Discoard. I am very much looking forward to hearing the following release news before the end of the year.

Restricting access to databases via IP address will be available by the end of the year:smile:

ahattemer · December 19, 2023, 10:28pm

We’ve just shipped the IP Allow feature, available on Pro-tier accounts, to give you the ability to restrict access to your databases by IP and IP range.

See Restrict Access to Your Neon Database with IP Allow - Neon for more info!