Cloud Connections
Connect to your PostgreSQL databases through Simpl's web interface.
Overview
Cloud Connections allow you to browse your databases directly from your web browser, without installing the desktop app. Your connection strings are stored securely on our servers and encrypted at rest.
Benefits of Cloud Connections
Cloud Connections are ideal when you need:
- Access from anywhere — Browse your database from any device with a web browser
- Team collaboration — Share database access with team members without sharing credentials
- No installation required — Perfect for machines where you can't install software
- Instant setup — Just paste your connection string and start browsing
For maximum security and performance, consider using Simpl Desktop instead, which keeps all credentials on your local machine and connects directly to your database.
How We Protect Your Data
Encrypted Storage
Your connection strings are protected with industry-standard encryption:
| Aspect | Implementation |
|---|---|
| Algorithm | AES-256-GCM |
| Key Size | 256 bits |
| IV | Unique per connection |
Connection strings are:
- Encrypted before storage — Never stored in plaintext
- Decrypted only at query time — Kept encrypted at rest
- Isolated per user — Each user's connections are separate
SSL/TLS Connections
We strongly recommend using SSL-encrypted connections to your database:
postgresql://user:pass@host:5432/db?sslmode=require
Available SSL modes:
| Mode | Description |
|---|---|
require | Encrypt connection, don't verify certificate |
verify-ca | Verify server certificate is signed by trusted CA |
verify-full | Verify certificate and hostname match |
Data Privacy
When using Cloud Connections:
- Your database queries pass through our servers
- We do not log or store your query results
- Schema information is cached temporarily for performance
- You can delete your connection at any time
Database User Setup
Read-Only Access (Recommended)
For browsing your data safely, we recommend creating a read-only database user:
-- Create a read-only user for Simpl
CREATE USER simpl_browser WITH PASSWORD 'your_secure_password';
-- Grant connection access
GRANT CONNECT ON DATABASE your_database TO simpl_browser;
-- Grant schema access
GRANT USAGE ON SCHEMA public TO simpl_browser;
-- Grant read-only access to all tables
GRANT SELECT ON ALL TABLES IN SCHEMA public TO simpl_browser;
-- Ensure future tables are also accessible
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT SELECT ON TABLES TO simpl_browser;
Note: With read-only credentials, inline editing features will not be available. This is the safest option for browsing production data.
Read-Write Access
If you need inline editing capabilities, add write permissions:
-- Additional grants for editing
GRANT INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO simpl_browser;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT INSERT, UPDATE, DELETE ON TABLES TO simpl_browser;
Network Configuration
About IP Allowlisting
Many cloud database providers recommend allowlisting specific IP addresses for security. However, IP allowlisting is not practical with Simpl Cloud Connections because our infrastructure runs on Vercel's serverless platform, which uses a dynamic pool of IP addresses that changes frequently.
Instead, we recommend:
- Use strong, unique credentials — Create a dedicated database user with a strong password
- Require SSL — Add
?sslmode=requireto your connection string - Limit database permissions — Grant only the access levels you need
- Consider the Desktop App — For databases with strict IP allowlisting requirements, Simpl Desktop connects directly from your machine
Provider-Specific Notes
Most cloud database providers (Supabase, Neon, Railway, Render) allow connections from any IP by default or have easy options to enable this. Some providers like AWS RDS may require additional security group configuration.
Adding a Cloud Connection
- Navigate to Cloud Connections in your dashboard
- Click Add Connection
- Enter a friendly name for your connection
- Paste your PostgreSQL connection string
- Click Test Connection to verify connectivity
- Save your connection
Connection String Format
postgresql://username:password@hostname:port/database
Provider-specific examples:
| Provider | Format |
|---|---|
| Supabase | postgresql://postgres.[project]:[password]@aws-0-[region].pooler.supabase.com:6543/postgres |
| Neon | postgresql://[user]:[password]@[endpoint].neon.tech/[database]?sslmode=require |
| Railway | postgresql://postgres:[password]@[host].railway.app:5432/railway |
| AWS RDS | postgresql://[user]:[password]@[instance].[region].rds.amazonaws.com:5432/[database] |
| Render | postgresql://[user]:[password]@[host].render.com:5432/[database] |
Troubleshooting
Connection Failed
If your connection test fails:
- Verify credentials — Double-check username and password
- Check network access — Ensure your database allows external connections
- Enable SSL — Add
?sslmode=requireto your connection string - Review firewall rules — If your database requires IP allowlisting, consider using Simpl Desktop instead
Supabase Connections
For Supabase, use the Connection Pooler URL:
- Go to your Supabase dashboard
- Navigate to Settings → Database → Connection string
- Select Connection Pooler (not "Direct connection")
- Choose Transaction mode
- Copy the pooler connection string
Permission Denied Errors
If you see permission errors when browsing:
- Verify the database user has
SELECTprivileges - Check that tables exist in the
publicschema - Ensure
USAGEis granted on the schema
Cloud vs Desktop Comparison
| Aspect | Cloud Connections | Desktop App |
|---|---|---|
| Credential storage | Encrypted on our servers | Encrypted on your machine |
| Query execution | From our servers | Direct from your computer |
| Network path | Your browser → Our servers → Your database | Your computer → Your database |
| IP allowlisting | Not supported (serverless) | Your machine's IP only |
| Team sharing | Built-in | Not available |
| Best for | Team access, convenience, anywhere access | Maximum security, strict network policies |
Best Practices
For Credentials
- Use dedicated users — Don't reuse credentials from other applications
- Limit privileges — Grant only the permissions you need (read-only is safest)
- Rotate passwords — Update credentials periodically
- Avoid superuser accounts — Never connect with admin credentials
For Database Configuration
- Require SSL — Enforce encrypted connections at the database level
- Enable logging — Monitor access with PostgreSQL audit logs
- Set connection limits — Prevent connection pool exhaustion
- Regular backups — Maintain your backup strategy