Docs/Connections

PostgreSQL Server Configuration

Use this page for self-managed PostgreSQL deployments that DBConvert Streams connects to directly.

It covers the base setup for:

  • Load workflows
  • Data Explorer and SQL Console access
  • PostgreSQL CDC source preparation

For current support boundaries, see the product introduction page.

For managed cloud databases, use the provider-specific guide instead:

For CDC replication settings, see PostgreSQL CDC Source Configuration.

Server requirements

Use a PostgreSQL instance that is reachable from the DBConvert Streams deployment and prepared with:

  • a hostname or IP address reachable over port 5432
  • a database user with the required read or replication privileges
  • remote access and firewall rules configured
  • SSL/TLS when the environment requires encrypted transport

Minimum privileges

The required access depends on the workflow:

  • Load: SELECT on the source tables
  • Explorer and SQL Console: SELECT on the objects you need to inspect
  • CDC mode: logical replication prerequisites plus the permissions documented in PostgreSQL CDC Source Configuration
GRANT USAGE ON SCHEMA schema_name TO "user";
GRANT SELECT ON ALL TABLES IN SCHEMA schema_name TO "user";

If you create new tables after the initial grant, update default privileges as needed.

Schema scope

PostgreSQL source workflows often use multiple schemas. DBConvert Streams can discover and select tables across schemas when the connection user can see them.

Use Schema Selection Guide for how auto-discovery and explicit table selection work in stream configuration.

Connection configuration

SettingDefaultDescription
HostPostgreSQL server hostname or IP
Port5432PostgreSQL listener port
UsernameDatabase user
PasswordDatabase password
DatabaseTarget database
SchemapublicDefault schema context
SSL/TLSdisableSee SSL Configuration

Example connection payload:

{
  "name": "postgresql-source",
  "type": "postgresql",
  "host": "your-postgresql-server",
  "port": 5432,
  "username": "your_user",
  "password": "your_password",
  "database": "your_database",
  "ssl": {
    "mode": "verify-ca",
    "ca": "/path/to/ca.pem",
    "cert": "/path/to/client-cert.pem",
    "key": "/path/to/client-key.pem"
  }
}

SSL/TLS security

SSL/TLS is optional. Use it when your environment requires encrypted transport or certificate validation — typically production deployments, cloud-hosted databases, or connections over public networks.

Example server settings:

ssl = on
ssl_cert_file = '/path/to/server-cert.pem'
ssl_key_file = '/path/to/server-key.pem'
ssl_ca_file = '/path/to/ca.pem'

Common SSL modes:

  • disable: No SSL
  • require: Always use SSL without verification
  • verify-ca: Verify the server certificate
  • verify-full: Verify the certificate and hostname

For certificate details, use SSL Configuration.

Network access

Enable remote listening if the server is not local to the deployment:

listen_addresses = '*'

Allow the DBConvert Streams host in pg_hba.conf:

host    all    all    <DBS-IP-ADDRESS>/32    md5

Example firewall rule:

sudo ufw allow from <DBCONVERT_STREAMS_IP> to any port 5432

CDC-specific preparation

CDC requires more than base connectivity. For PostgreSQL CDC source workflows, also confirm:

  • logical replication is enabled
  • WAL settings and replication capacity are sufficient
  • the selected user has the required privileges
  • replication slots and publication details are configured as required by the workflow

Use PostgreSQL CDC Source Configuration for the detailed sequence.

Validation checklist

Before creating a stream:

  1. Test the connection from the Data Explorer sidebar (right-click → Test connection) or from the connection editor.
  2. Open the connection in Data Explorer to confirm visible schemas and tables.
  3. Run a simple query in the SQL Console if you need to verify permissions or row filters.
  4. Create the stream only after the source scope looks correct.