Databases

Each [[databases]] block declares one PostgreSQL database for pgsense-rs to monitor. The scanner runs an independent pipeline per entry, so you can monitor multiple databases concurrently from a single process.

Fields

[[databases]]
host          = "localhost"     # default "localhost"
port          = 5432            # default 5432
dbname        = "app"           # default "postgres"
username      = "pgsense"       # default "postgres"
password      = "..."                            # inline value, or:
# password    = { file = "/run/secrets/db-password" }   # read from a file
publication   = "pgsense_pub"   # default "pgsense_pub"

[databases.tls]
enabled            = false
trusted_root_certs = "/path/to/ca.pem"   # optional

[databases.scan]
# Per-database filter — overrides the top-level [scan] block.
# See the Scan Filter page for field details.

Validation rejects empty host, dbname, username, or publication, and a port of 0.

Identity key

Each database is identified by "{host}/{dbname}". This string is used as:

The database label on Prometheus metrics.
The dedup key prefix.
The replication slot ID (stable across restarts, derived from the identity string by a deterministic hash).

Important

Two [[databases]] entries with the same host and dbname are rejected at startup. The combination must be unique across all entries.

Multiple databases

[[databases]]
host = "primary.example.com"
dbname = "orders"
username = "pgsense"
password = { file = "/run/secrets/orders-pw" }

[[databases]]
host = "secondary.example.com"
dbname = "users"
username = "pgsense"
password = { file = "/run/secrets/users-pw" }

Each database keeps its own replication slot, scan filter, and metrics labels. Findings from all databases fan out to the same alert channels unless a rule restricts itself with channels = [...].

Keyboard shortcuts

pgsense-rs

Databases

Fields

Identity key

Multiple databases

See also