Skip to main content
DBBat

Give (temporary) access to your PostgreSQL, Oracle, MySQL & MariaDB databases. Every query logged. Every result captured.

Demo login: admin / admin

🔌

Multi-Engine Proxy

PostgreSQL, Oracle, and MySQL/MariaDB on independent listeners. Connect any standard client — psql, sqlplus, mysql, DBeaver, your ORM — without application changes.

🔍

Query Observability

Track every query with full SQL text, parameters, execution time, rows affected, and optional result-data capture. Text and binary protocols decoded the same way.

🔐

Granular Access Control

Time-windowed grants with combinable controls — read_only, block_copy, block_ddl — plus per-grant quotas on queries and bytes transferred.

👥

User & API Key Management

Local users with admin, viewer, and connector roles. Optional Slack sign-in. API keys for programmatic access — and they cannot create or revoke other keys.

🛡️

Secure by Design

Passwords hashed with Argon2id, database credentials encrypted with AES-256-GCM and bound to the database UID. Append-only audit log of every administrative change.

🧱

Defense in Depth

Read-only enforced via SQL inspection and engine-level session flags. MySQL LOCAL INFILE opted out of the upstream capabilities. PostgreSQL session bypass attempts blocked.

📼

Session Packet Dumps

Optional per-session binary capture of the post-auth command stream. Same .dbbat-dump format across all protocols, with a CLI anonymiser for safe sharing.

🌐

REST API + Web UI

Full OpenAPI 3.0 spec served at /api/docs. React frontend embedded in the binary at /app for managing users, databases, grants, and browsing query history.

📦

Single Binary

One Go binary backed by PostgreSQL. Distroless Docker image, Helm chart, Kubernetes-friendly. Stateless beyond its store — replicas welcome.

See it in Action

Explore the DBBat interface for managing database access and monitoring queries.

Dashboard showing recent connections and activity
Dashboard
Query log with SQL details and execution times
Query Logging
Grant management with time-based access controls
Access Control

Quick Start

Get DBBat running in seconds with Docker — one container fronts PostgreSQL, Oracle, and MySQL/MariaDB:

docker run
  -p 5434:5434  # PostgreSQL proxy
  -p 1522:1522  # Oracle proxy
  -p 3307:3307  # MySQL / MariaDB proxy
  -p 4200:4200  # REST API + web UI
  -e DBB_DSN=postgres://dbbat:dbbat@pgserver:5432/dbbat
  ghcr.io/fclairamb/dbbat

View full installation guide