Open your database to agents, safely
Point it at any Postgres and hand your agents access you stay in full control of.
No password sharing
Agents connect with a dedicated token, never your database credentials. Revoke it anytime without touching the database.
Sensitive data masked
Emails, phone numbers, secrets and free-text are masked before they ever leave the proxy. Raw values never reach the agent.
You decide what's visible
Choose exactly which tables and columns each agent can read, and how each one is masked. Everything else stays hidden.
Read-only by design
Agents can query, never write. No raw SQL is accepted — just safe, structured reads against the data you allow.
Any Postgres, install nothing
Point it at an existing connection string. No extensions, no replicas, no schema changes — your database is untouched.
Scoped tokens & full audit
Issue per-agent tokens with exactly the access they need, and every query is logged for a complete audit trail.
Real data in, masked data out
The same row, as it lives in your database versus what the agent actually receives.
| id | phone | api_key | |
|---|---|---|---|
| 1042 | ethan@vm0.ai | +1 213 555 0142 | sk_live_9f3a2b… |
| 1043 | lancy@vm0.ai | +1 213 555 7791 | sk_live_77c1de… |
| id | phone | api_key | |
|---|---|---|---|
| 1042 | e***@vm0.ai | +X XXX XXX 0142 | •••••••• |
| 1043 | l***@vm0.ai | +X XXX XXX 7791 | •••••••• |
Mask each column your way — partial reveal, redaction, hashing, or hidden entirely.
Live in three steps
Connect your database
Give maskdb a read-only connection string. Nothing is installed or changed on your side.
Choose what's visible
Pick the tables and columns agents may read, and set how each sensitive column is masked.
Hand out a token
Issue a scoped token to each agent. They query safe, masked data — you keep full control and audit.