Skip to main content
Guide to Connect PostgreSQL::
  1. Create a dedicated read-only user for Go Fig to limit permissions and improve security. (Recommended)
  2. Whitelist GoFig.ai’s IP address in your firewall or security group settings: 104.196.71.57
  3. Collect the following details:
  • PostgreSQL host/endpoint (IP address or hostname)
  • Port number (default: 5432)
  • Database name
  • Username and password with read access
For security, create a dedicated Go Fig user with read-only access: 
-- 1. Create a read-only user
CREATE USER gofig_readonly WITH PASSWORD 'your_secure_password_here';

-- 2. Grant connection to the database
GRANT CONNECT ON DATABASE your_database TO gofig_readonly;

-- 3. Grant usage on schema(s)
GRANT USAGE ON SCHEMA public TO gofig_readonly;

-- 4. Grant SELECT on all existing tables
GRANT SELECT ON ALL TABLES IN SCHEMA public TO gofig_readonly;

-- 5. Grant SELECT on future tables (recommended)
ALTER DEFAULT PRIVILEGES IN SCHEMA public
  GRANT SELECT ON TABLES TO gofig_readonly;

-- 6. For multiple schemas, repeat steps 3-5 for each schema
-- GRANT USAGE ON SCHEMA another_schema TO gofig_readonly;
-- GRANT SELECT ON ALL TABLES IN SCHEMA another_schema TO gofig_readonly;
Why This Matters:
  • Principle of Least Privilege: Go Fig only gets read access, never write
  • Audit Trail: Separate user makes it easy to track Go Fig queries
  • Security: Limits blast radius if credentials are compromised
Set a strong password and store it securely. Never use your admin credentials for database connection.

2) Whitelist GoFig.ai’s IP address in your firewall or security group settings

Go Fig needs network access to your PostgreSQL database. Configure your firewall to allow connections:
Allow Go Fig IP Address:Add this IP to your firewall allowlist (or pg_hba.conf):
# Go Fig Production IP
104.196.71.57/32
Update pg_hba.conf:
# Allow Go Fig read-only user from Go Fig IP
host    all    gofig_readonly    104.196.71.57/32    md5
Reload PostgreSQL: sudo systemctl reload postgresql
Update Security Group:
  1. Go to AWS Console → RDS → Your Database → Security Groups
  2. Add inbound rule:
    • Type: PostgreSQL (5432)
    • Source: 104.196.71.57/32
    • Description: Go Fig Analytics
[SCREENSHOT: AWS RDS security group inbound rules showing PostgreSQL port 5432 with Go Fig IPs]
Authorize Networks:
  1. Go to Google Cloud Console → SQL → Your Instance → Connections
  2. Click Add Network
  3. Enter Go Fig IP address: 104.196.71.57
  4. Click Done and Save
[SCREENSHOT: Cloud SQL authorized networks panel with Go Fig IPs added]Alternative - Private IP:
  • Use Cloud SQL Proxy or Private IP with VPC peering for enhanced security
  • Contact Go Fig support for VPC peering setup
Update Firewall Rules:
  1. Go to Azure Portal → Your PostgreSQL Server → Connection Security
  2. Add firewall rule for Go Fig:
    • Rule name: GoFig
    • Start IP: 104.196.71.57
    • End IP: 104.196.71.57
  3. Click Save
[SCREENSHOT: Azure PostgreSQL firewall rules showing Go Fig IPs]

3) Connect Go Fig to PostgreSQL

1

Add PostgreSQL connection

Navigate to your Organization Data page and click + Add data. Select PostgreSQL from the list of database connections.[SCREENSHOT: Organization Data page with “Add data” button and PostgreSQL option in connector list]
2

Enter connection details

Fill in your PostgreSQL connection information:
  • Host: Database server hostname or IP address (i.e. mydb.example.com or 192.168.1.100)
  • Database: Name of the database to connect to (i.e. production, analytics, myapp)
  • Username: PostgreSQL username with read access
  • Password: Password for the PostgreSQL user
  • SSL Mode (Optional): Connection encryption setting
    • Disable: No SSL (only for trusted internal networks)
    • Require: Require SSL but don’t verify certificate (default)
    • Verify-CA: Require SSL and verify certificate authority
    • Verify-Full: Require SSL and verify full certificate chain
For production databases, always use SSL Mode “Require” or higher to encrypt data in transit.
3

Connect to PostgreSQL

Click Connect to PostgreSQL to complete the setup. Go Fig will verify the connection, encrypt and store your credentials securely.[SCREENSHOT: “Connect to PostgreSQL” button]

Security Best Practices

Go Fig Security Features

  • Encrypted Credentials: Go Fig encrypts all connection credentials at rest
  • SSL/TLS Encryption: All data in transit uses SSL/TLS encryption
  • Credential Protection: Credentials are never logged or displayed in plain text
  • Role-Based Access Control: COMING SOON - Granular permissions for connection management
Use read-only user: Never connect with a user that has write permissions.
Enable SSL: Always use SSL Mode “Require” or higher for production databases.
Restrict network access: Only allow Go Fig IP addresses in your firewall.
Rotate credentials regularly: Change passwords every 90 days.
Monitor query activity: Review PostgreSQL logs for unusual query patterns.
Use schema isolation: Grant access only to specific schemas and tables, not all databases.
Audit connections: Regularly review pg_stat_activity for active Go Fig connections.
Never use superuser credentials: Create a dedicated user with minimal necessary permissions.