Back to Resources

How to Connect PostgreSQL to Chion: RDS, Azure, GCP, Neon, Supabase

Step-by-step guide to connecting your PostgreSQL database to Chion. Covers AWS RDS, Azure Database, GCP Cloud SQL, Neon, and Supabase with security best practices.

By Jonathan Dag··6 min read

Before you connect

You need: a PostgreSQL database (version 12+), read-only credentials, and network access from Chion's IP range. Chion never writes to your database — all queries are SELECT-only, enforced by the two-layer validator.

AWS RDS

  1. 1Create a read-only user: CREATE ROLE chion_reader WITH LOGIN PASSWORD '...' NOSUPERUSER NOCREATEDB NOCREATEROLE;
  2. 2Grant SELECT on target schemas: GRANT USAGE ON SCHEMA public TO chion_reader; GRANT SELECT ON ALL TABLES IN SCHEMA public TO chion_reader;
  3. 3Add Chion's IP to your RDS security group inbound rules (port 5432)
  4. 4In Chion Studio, paste your host, port, database name, and credentials

Azure Database for PostgreSQL

Same user creation steps. Add Chion's IP to the Azure firewall rules. If using Private Link, contact us for VPC peering options.

GCP Cloud SQL

Enable the Cloud SQL Auth Proxy or add Chion's IP to Authorized Networks. Create a read-only user with SELECT grants.

Neon

Copy your connection string from the Neon dashboard. Neon supports connection pooling — use the pooled endpoint for best performance.

Supabase

Use the connection string from Settings → Database. Create a read-only role rather than using the default postgres superuser.

Security

All credentials are stored in an AES-256-GCM encrypted vault. Credentials are loaded, consumed, and purged per-session — never cached in application memory. Every connection operation is logged to an immutable audit trail.

More in this topic

PostgreSQL Natural Language Queries: What Chion Supports and Why

Why PostgreSQL is Chion's only supported dialect today, and what that covers: CTEs, window functions, JSONB, array aggregations, and recursive queries.