Skip to main content
Your app connects to its database through credentials that Replit manages for you. Find them in the Database tool: select a database, then open the Settings tab. It shows the connection string, storage usage, and advanced connection details.
Database Settings tab showing the DATABASE_URL connection string, storage usage, and advanced connection details

Environment variables

The following environment variable is available for connecting to your development database:
  • DATABASE_URL: how to connect and authenticate to the database
Your app uses it automatically. Because DATABASE_URL is scoped to your app, your development database cannot be accessed by other apps, even ones you own, or by external database viewers. Even if leaked, it cannot be used by anyone else to access and modify your database.
If your development database is still on the legacy Neon infrastructure, the additional variables PGHOST, PGUSER, PGPASSWORD, PGDATABASE, and PGPORT are also available. These are not provided for databases hosted on Replit’s current infrastructure; use DATABASE_URL instead.
If you are still on the legacy Neon development database, do not share your DATABASE_URL. It contains your database credentials, which could be used by anyone to access and modify your database. Never paste it in public places or support tickets.

Connect an external tool

You can connect to your production database from any PostgreSQL-compatible SQL client using the connection string from the production database’s Settings tab.

Security

When you add a database integration using Agent, it adds an Object-Relational Mapper (ORM) that handles all database communications with built-in security:
  • Schema validation: Verifies data conforms to expected formats
  • Data sanitization: Automatically cleans up builder input to prevent SQL injection attacks

Next steps