Open Connector
Self-Hosting

Database Setup

Configure Postgres and run database migrations for Open Connector.

Open Connector uses PostgreSQL (15+) with Drizzle ORM over node-postgres. drizzle-kit owns schema push and migration commands; the generated schema document is the current table inventory.

Requirements

  • PostgreSQL 15 or later
  • Connection string in DATABASE_URL env var

Local Development

The included docker-compose.yml provides a ready-to-use Postgres instance:

# Start just the database
pnpm db:start

# Stop it
pnpm db:stop

This runs Postgres on port 5432 with the default credentials from your .env.

Applying Migrations

After setting DATABASE_URL, push the schema to your database:

# Push schema changes (development / first-time setup)
pnpm db:push

# Generate a migration file (for production deployments)
pnpm db:generate

# Apply pending migrations
pnpm db:migrate

db:push is fast for development — it applies schema diffs without generating migration files. For production, use db:generate + db:migrate for a proper audit trail of schema changes.

Schema Overview

The database schema is documented in docs/generated/db-schema.md. Regenerate it with:

pnpm db:doc

Key tables:

TableDescription
organizationTop-level tenants
projectGroups of connectors within an org
auth_configOAuth app credentials per provider (encrypted)
connectionA user's linked third-party account (encrypted tokens)
tool_execution_logRecord of brokered tool/credential use
user / session / accountBetter Auth user management tables
apikeyAgent API keys with scope metadata

The tamper-evident audit trail (SHA-256 hash chain) is emitted as structured evlog wide events, not stored in a dedicated database table. See the full schema doc for all 28 tables.

Drizzle Studio

Inspect and edit your database with a visual UI:

pnpm db:studio

Opens Drizzle Studio at https://local.drizzle.studio.

Production: Managed Postgres

For production deployments, we recommend:

  • Neon — the repository's production deployment uses Neon. Use the pooled connection string (…-pooler.…neon.tech/…?sslmode=require) and choose a region close to your application host.
  • Supabase — includes row-level security and a web dashboard
  • AWS RDS / Google Cloud SQL — for enterprise requirements

Ensure the database is in the same region as your API server to minimize latency on every request. The supported AWS production topology is documented in Deploy to AWS.

Backup Strategy

Open Connector stores encrypted OAuth tokens in the database. Include regular Postgres backups in your disaster recovery plan. Losing the database means users must re-authenticate — their OAuth connections cannot be recovered without the original token rows.

The CONNECTOR_ENCRYPTION_KEY is used to encrypt all stored tokens. Back it up securely and separately from the database. If you lose the key, stored tokens become unreadable even with a full database backup.

On this page