Connecting to Databases
Connect to your PostgreSQL database from services and external clients.
When you create a database, SMLL automatically generates connection credentials and stores them as a secret in your VPC.
Connection credentials
The following environment variables are available in the auto-generated database secret:
| Variable | Example |
|---|---|
POSTGRES_USER | app |
POSTGRES_PASSWORD | (generated) |
POSTGRES_HOST | my-db-cluster-rw.vpc-abc12345.svc.cluster.local |
POSTGRES_PORT | 5432 |
POSTGRES_DB | app |
DATABASE_URL | postgresql://app:pass@host:5432/app |
Connecting from a service
The easiest way to connect from a service running in the same VPC is to reference the database secret in your service's environment variables:
- Go to your service's Environment Variables tab
- Add a new variable (e.g.
DATABASE_URL) - Select Link from secret and choose your database credentials
- Pick the
DATABASE_URLkey - Redeploy your service
Your application can then use DATABASE_URL directly — no hardcoded credentials needed.
Connecting externally
Databases are also reachable from outside your VPC via their public hostname:
| Endpoint | Hostname pattern |
|---|---|
| Read/write | {id}.{region}.database.smll.io |
| Read-only replica | {id}-ro.{region}.database.smll.io |
Use the credentials from the database detail page or the auto-generated secret to connect with any PostgreSQL client:
psql "postgresql://app:YOUR_PASSWORD@abc12345.eu-central-1.database.smll.io:5432/app"PgBouncer connection pooling
When connection pooling is enabled, your application connects through PgBouncer rather than directly to PostgreSQL. This is transparent — the same credentials and hostname work.
PgBouncer uses transaction mode, which means:
- Each transaction gets a dedicated server connection
- Connections are returned to the pool between transactions
- Prepared statements work within a single transaction
This is ideal for web applications and serverless functions that create many short-lived connections.
SSL/TLS
All database connections use SSL by default. Both the direct and pooler endpoints require encrypted connections. No additional configuration is needed — most PostgreSQL clients enable SSL automatically.
If your client requires an explicit SSL mode:
psql "postgresql://app:YOUR_PASSWORD@host:5432/app?sslmode=require"Troubleshooting
| Issue | Solution |
|---|---|
| "Connection refused" | Verify the hostname and port. Check that your service is in the same VPC. |
| "Password authentication failed" | Double-check the credentials from the database secret. |
| "Too many connections" | Use the pooler endpoint instead of direct. See Connection Pooling. |
| "SSL connection required" | Add ?sslmode=require to your connection string. |
Related
- Connection Pooling — handle high-concurrency workloads
- Secrets — how database credentials are stored
- Replicas — read-only replicas for scaling