Database Setup
Configure Postgres and run database migrations for Open Connector.
Open Connector uses PostgreSQL (15+) with Drizzle ORM over node-postgres. drizzle-kit owns schema push and migration commands; the generated schema document is the current table inventory.
Requirements
- PostgreSQL 15 or later
- Connection string in
DATABASE_URLenv var
Local Development
The included docker-compose.yml provides a ready-to-use Postgres instance:
# Start just the database
pnpm db:start
# Stop it
pnpm db:stopThis runs Postgres on port 5432 with the default credentials from your .env.
Applying Migrations
After setting DATABASE_URL, push the schema to your database:
# Push schema changes (development / first-time setup)
pnpm db:push
# Generate a migration file (for production deployments)
pnpm db:generate
# Apply pending migrations
pnpm db:migratedb:push is fast for development — it applies schema diffs without generating migration files. For production, use db:generate + db:migrate for a proper audit trail of schema changes.
Schema Overview
The database schema is documented in docs/generated/db-schema.md. Regenerate it with:
pnpm db:docKey tables:
| Table | Description |
|---|---|
organization | Top-level tenants |
project | Groups of connectors within an org |
auth_config | OAuth app credentials per provider (encrypted) |
connection | A user's linked third-party account (encrypted tokens) |
tool_execution_log | Record of brokered tool/credential use |
user / session / account | Better Auth user management tables |
apikey | Agent API keys with scope metadata |
The tamper-evident audit trail (SHA-256 hash chain) is emitted as structured evlog wide events, not stored in a dedicated database table. See the full schema doc for all 28 tables.
Drizzle Studio
Inspect and edit your database with a visual UI:
pnpm db:studioOpens Drizzle Studio at https://local.drizzle.studio.
Production: Managed Postgres
For production deployments, we recommend:
- Neon — the repository's production deployment uses Neon. Use the pooled connection string (
…-pooler.…neon.tech/…?sslmode=require) and choose a region close to your application host. - Supabase — includes row-level security and a web dashboard
- AWS RDS / Google Cloud SQL — for enterprise requirements
Ensure the database is in the same region as your API server to minimize latency on every request. The supported AWS production topology is documented in Deploy to AWS.
Backup Strategy
Open Connector stores encrypted OAuth tokens in the database. Include regular Postgres backups in your disaster recovery plan. Losing the database means users must re-authenticate — their OAuth connections cannot be recovered without the original token rows.
The CONNECTOR_ENCRYPTION_KEY is used to encrypt all stored tokens. Back it up securely and separately from the database. If you lose the key, stored tokens become unreadable even with a full database backup.